VIR Vulnerability Intelligence Relay

CVE-2026-39383

high
Published 2026-05-05 · Modified 2026-05-08
CVSS v3
7.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVSS v2
VIR risk
7.2

Description

Gotenberg Vulnerable to Unauthenticated SSRF via Unfiltered Webhook URL

Predictions

Exploit likelihood
81%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security-advisories@github.com — https://github.com/gotenberg/gotenberg/security/advisories/GHSA-5vh4-rgv7-p9g4

Package impact
EcosystemPackageVulnerableFixed
golang Gogithub.com/gotenberg/gotenberg/v8>=8.29.1,<8.31.08.31.0
golang GOgithub.com/gotenberg/gotenberg/v8>= 8.29.1, < 8.31.08.31.0

Application impact
VendorProductVersionsFixed
thecodingmachinegotenberg{"startIncluding":"8.29.1","endExcluding":"8.31.0"}8.31.0

References

CWEs

CWE-918

Verify integrity in audit chain (admin only). AS-IS.