CVE-2026-42596
CRITICAL
9,4
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: low
Description
AI Translation Available
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as http://[::ffff:127.0.0.1]:... and reach loopback or private HTTP services that the default deny-list is intended to block. This crosses a real security boundary because an external caller can force the server to make outbound requests to internal-only targets. This vulnerability is fixed in 8.31.0.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0007
Percentile
0,2th
Updated
EPSS Score Trend (Last 6 Days)
918
Server-Side Request Forgery (SSRF)
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Access Control
Potential Impacts:
Read Application Data
Execute Unauthorized Code Or Commands
Bypass Protection Mechanism
Applicable Platforms
Technologies:
Web Based, AI/ML, Web Server
Application
Gotenberg by Thecodingmachine
Version Range Affected
To
8.31.0
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:thecodingmachine:gotenberg:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/gotenberg/gotenberg/security/advisories/GHSA-4vmc-gm8v-m35h
https://github.com/gotenberg/gotenberg/security/advisories/GHSA-4vmc-gm8v-m35h