Vulnerabilities in gotenberg

15 results
CVE | Severity | Title | EPSS
CVE-2026-42589 | CRITICAL | Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection | EPSS 2.9%
CVE-2026-40281 | CRITICAL | Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values | EPSS 0.6%
CVE-2026-27018 | HIGH | Gotenberg: Chromium deny-list bypass via case-insensitive URL scheme | EPSS 0.5%
CVE-2026-35458 | HIGH | Gotenberg has a ReDoS via extraHttpHeaders scope feature | EPSS 0.5%
CVE-2026-40280 | HIGH | Gotenberg SSRF via case-insensitive URL scheme bypass in webhook and downloadFrom deny-lists | EPSS 0.5%
CVE-2026-42596 | CRITICAL | Gotenberg: Unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook | EPSS 0.4%
CVE-2026-42594 | HIGH | Gotenberg: Unauthenticated denial of service via echo.Context pool reuse in webhook async goroutine | EPSS 0.3%
CVE-2026-40893 | HIGH | Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move | EPSS 0.3%
CVE-2026-42595 | HIGH | Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass | EPSS 0.3%
CVE-2026-42593 | MEDIUM | Gotenberg: Arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes | EPSS 0.3%
CVE-2026-42590 | HIGH | Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist | EPSS 0.3%
CVE-2026-42597 | MEDIUM | Gotenberg: Chromium URL conversion routes read arbitrary files under /tmp via file:// scheme | EPSS 0.3%
CVE-2026-42591 | HIGH | Gotenberg: Server-Side Request Forgery (SSRF) in github.com/gotenberg/gotenberg/v8 | EPSS 0.2%
CVE-2026-39383 | MEDIUM | Gotenberg unauthenticated blind SSRF via unfiltered webhook URL | EPSS 0.2%
CVE-2026-42592 | MEDIUM | Gotenberg: DNS rebinding bypasses SSRF validation on Chromium URL conversion routes | EPSS 0.2%