CVE-2026-40281— Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values

CVSS 10.0 · Critical EPSS 0.09% · P25 Updated May 07, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-40281

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values

Source: NVD (National Vulnerability Database)

Vulnerability Description

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate arguments, allowing injection of arbitrary ExifTool pseudo-tags such as -FileName, -Directory, -SymLink, and -HardLink. This is a bypass of the incomplete key-sanitization fix introduced in v8.30.1. An unauthenticated attacker can rename or move any PDF being processed to an arbitrary path in the container filesystem, overwrite arbitrary files, or create symlinks and hard links at arbitrary paths.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

参数注入或修改

Source: NVD (National Vulnerability Database)

Vulnerability Title

Gotenberg 参数注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Gotenberg是Gotenberg开源的一个开发人员友好的 API。用于将多种文档格式转换为 PDF 文件。 Gotenberg 8.30.1及之前版本存在参数注入漏洞，该漏洞源于元数据写入端点未对元数据值进行清理，可能导致未经身份验证的攻击者通过换行符注入任意ExifTool伪标签，重命名或移动PDF文件、覆盖任意文件或创建符号链接和硬链接。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
gotenberg	gotenberg	<= 8.30.1	-

II. Public POCs for CVE-2026-40281

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

Qwen3.6-35B-A3B · 9334 chars

Paid plan includes:

In-depth vulnerability mechanism

Trigger conditions & impact

Full executable POC code

Exploit chain & mitigation

POC zip download

100+ AI POC generations per month

Upgrade Pro to unlock ¥99/month Sign up first

III. Intelligence Information for CVE-2026-40281

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: gotenberg

Same vendor: gotenberg

Same weakness: CWE-88

V. Comments for CVE-2026-40281

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-40281— Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values

I. Basic Information for CVE-2026-40281

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2026-40281

III. Intelligence Information for CVE-2026-40281

IV. Related Vulnerabilities

V. Comments for CVE-2026-40281

Leave a comment