Skip to main content

Gotenberg v8 CVE-2026-42590

| EUVDEUVD-2026-30316 HIGH
Incomplete List of Disallowed Inputs (CWE-184)
2026-05-07 https://github.com/gotenberg/gotenberg GHSA-7v3r-m9c8-r855
8.2
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
Low

Lifecycle Timeline

4
Patch available
May 14, 2026 - 18:02 EUVD
Source Code Evidence Fetched
May 07, 2026 - 01:16 vuln.today
Analysis Generated
May 07, 2026 - 01:16 vuln.today
CVE Published
May 07, 2026 - 00:55 nvd
HIGH 8.2

DescriptionGitHub Advisory

Summary

The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. This is a bypass of the fix for GHSA-qmwh-9m9c-h36m.

Details

The blocklist in pkg/modules/exiftool/exiftool.go filters four dangerous pseudo-tags (FileName, Directory, HardLink, SymLink) using strings.EqualFold(key, tag). However, ExifTool supports group-prefix syntax where File:FileName is processed identically to FileName -- the prefix is stripped by SetNewValue in Writer.pl before tag matching.

The safeKeyPattern regex (^[a-zA-Z0-9\-_.:]+$) allows colons, so prefixed tag names pass validation. Any prefix works: File:FileName, System:Directory, a:HardLink, etc.

Additionally, FilePermissions, FileUserID, and FileGroupID pseudo-tags are not blocked at all and can modify file attributes without any prefix.

PoC

bash
# Rename the converted PDF (bypasses FileName blocklist)
curl -F "files=@test.pdf" \
  -F 'metadata={"File:FileName":"pwned.pdf"}' \
  http://localhost:3000/forms/pdfengines/metadata/write
# Move the file to /tmp (bypasses Directory blocklist)
curl -F "files=@test.pdf" \
  -F 'metadata={"File:Directory":"/tmp"}' \
  http://localhost:3000/forms/pdfengines/metadata/write
# Create a symlink (bypasses SymLink blocklist)
curl -F "files=@test.pdf" \
  -F 'metadata={"File:SymLink":"/tmp/symlink-poc"}' \
  http://localhost:3000/forms/pdfengines/metadata/write
# Change file permissions (not blocked at all)
curl -F "files=@test.pdf" \
  -F 'metadata={"FilePermissions":"rwxrwxrwx"}' \
  http://localhost:3000/forms/pdfengines/metadata/write

Impact

Pre-auth (no authentication by default). Attacker can rename, move, or create links to files within the Gotenberg container. In deployments with mounted volumes or non-containerized setups, this enables arbitrary file read via symlink chaining and file overwrite via directory manipulation.

This is a direct bypass of the fix for GHSA-qmwh-9m9c-h36m.

AnalysisAI

Remote attackers can manipulate server filesystem operations in Gotenberg v8 by bypassing ExifTool metadata blocklist using group-prefix syntax (e.g., 'File:FileName' instead of 'FileName'). The vulnerability allows unauthenticated file renaming, moving, symlink/hardlink creation, and permission modification on the server. This directly bypasses the previous fix for GHSA-qmwh-9m9c-h36m. Public exploit code exists with working PoC commands. In non-containerized deployments or those with mounted volumes, attackers can achieve arbitrary file read via symlink chaining and file overwrites. CVSS 8.2 (High) with network vector, low complexity, and no authentication required.

Technical ContextAI

Gotenberg is a Go-based API for PDF generation and manipulation that integrates ExifTool for metadata operations. The vulnerability exploits CWE-184 (Incomplete List of Disallowed Inputs) in pkg/modules/exiftool/exiftool.go. The blocklist uses strings.EqualFold() to filter dangerous ExifTool pseudo-tags (FileName, Directory, HardLink, SymLink), but ExifTool's SetNewValue function in Writer.pl strips group prefixes before tag matching, so 'File:FileName' becomes 'FileName' after parsing. The safeKeyPattern regex (^[a-zA-Z0-9\-_.:]+$) permits colons, allowing prefixed variants to pass validation. Additionally, FilePermissions, FileUserID, and FileGroupID pseudo-tags lack any blocklist protection. The affected package is pkg:go/github.com_gotenberg_gotenberg_v8 with all versions through 8.29.1 vulnerable.

RemediationAI

No vendor-released patch identified at time of analysis - GitHub advisory shows 'fixed in: None' for versions through 8.29.1. Monitor https://github.com/gotenberg/gotenberg/security/advisories/GHSA-7v3r-m9c8-r855 for patch availability. Immediate compensating controls: (1) Disable ExifTool metadata write endpoints (/forms/pdfengines/metadata/write) via API gateway or reverse proxy rules if metadata modification is not business-critical - this completely eliminates the attack surface but breaks metadata editing functionality. (2) Implement strict network segmentation to prevent direct internet access to Gotenberg instances, requiring authentication at the application layer before requests reach Gotenberg - adds deployment complexity and latency. (3) Run Gotenberg in isolated containers without host volume mounts and use ephemeral storage only - limits impact to container scope but prevents persistent file storage use cases. (4) Deploy Web Application Firewall rules to block HTTP requests containing 'File:', 'System:', or other ExifTool group prefixes in metadata JSON payloads - can be bypassed with creative prefix variations and requires ongoing rule maintenance. Review previous fix attempt at https://github.com/advisories/GHSA-qmwh-9m9c-h36m to understand mitigation inadequacy.

Share

CVE-2026-42590 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy