All 5 CVE vulnerabilities found in gotenberg, with AI-generated Chinese analysis, references, and POCs.
Vendor: gotenberg
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40281 | Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values | CWE-88 | 10.0 | Critical | 2026-05-06 |
| CVE-2026-39383 | Gotenberg unauthenticated blind SSRF via unfiltered webhook URL | CWE-918 | 8.2 | - | 2026-05-05 |
| CVE-2026-40280 | Gotenberg SSRF via case-insensitive URL scheme bypass in webhook and downloadFrom deny-lists | CWE-918 | 5.3 | - | 2026-05-05 |
| CVE-2026-35458 | Gotenberg has a ReDoS via extraHttpHeaders scope feature | CWE-1333 | 6.5 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-27018 | Gotenberg: Chromium deny-list bypass via case-insensitive URL scheme | CWE-22 | 5.3 | - | 2026-03-30 |