CVE-2026-42592

Published: Mag 14, 2026 Last Modified: Mag 18, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none

Description

AI Translation Available

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it navigates to the URL. An attacker who controls DNS for a hostname with a short TTL returns a public IP on the first query (Gotenberg allows) and a private IP on the second query (Chromium connects to the attacker-chosen internal address). The CDP Fetch.requestPaused handler re-checks the URL but runs its own DNS resolution, leaving a timing window before Chromium's actual TCP connect. The rendered internal service response returns to the caller as a PDF. This vulnerability is fixed in 8.32.0.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0003
Percentile
0,1th
Updated

EPSS Score Trend (Last 6 Days)

367

Time-of-check Time-of-use (TOCTOU) Race Condition

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Other Non-Repudiation
Potential Impacts:
Alter Execution Logic Unexpected State Modify Application Data Modify Files Or Directories Modify Memory Other Hide Activities
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
918

Server-Side Request Forgery (SSRF)

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Access Control
Potential Impacts:
Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism
Applicable Platforms
Technologies: Web Based, AI/ML, Web Server
View CWE Details
Application

Gotenberg by Thecodingmachine

Product Information
Vendor Thecodingmachine
Product Gotenberg
Version Range Affected
To 8.32.0 (exclusive)
cpe:2.3:a:thecodingmachine:gotenberg:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/gotenberg/gotenberg/security/advisories/…
https://github.com/gotenberg/gotenberg/security/advisories/GHSA-2pmr-289p-44r3
https://github.com/gotenberg/gotenberg/security/advisories/…
https://github.com/gotenberg/gotenberg/security/advisories/GHSA-2pmr-289p-44r3