CVE-2026-42596

Exploit

EPSS 0.35%
Veröffentlicht 14.05.2026 15:19:34
Zuletzt bearbeitet 18.05.2026 12:16:20
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Gotenberg: Unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as http://[::ffff:127.0.0.1]:... and reach loopback or private HTTP services that the default deny-list is intended to block. This crosses a real security boundary because an external caller can force the server to make outbound requests to internal-only targets. This vulnerability is fixed in 8.31.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Thecodingmachine ≫ Gotenberg Version < 8.31.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.268

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	9.4	3.9	5.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/gotenberg/gotenberg/security/advisories/GHSA-4vmc-gm8v-m35h

Vendor Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2026-42596

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-42596

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-42596

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-42596