Package impact
Go / github.com/gotenberg/gotenberg/v8
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42597 | medium | 5.9 | 5.9 | 21d ago | Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme | |||
| CVE-2026-42593 | medium | 5.3 | 5.3 | 21d ago | Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes | |||
| CVE-2026-42592 | medium | 5.3 | 5.3 | 21d ago | Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes |