VIR Vulnerability Intelligence Relay

Package impact

golang GO / github.com/gotenberg/gotenberg/v8

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42589 critical 9.8 9.8 14d ago Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection golang
CVE-2026-42596 critical 9.4 9.4 14d ago Gotenberg vulnerable to unauthenticated SSRF via default deny-list bypass in downloadFrom and webhook golang
CVE-2026-40281 critical 9.1 9.1 22d ago Gotenberg has ExifTool stdin argument injection via metadata value newlines (bypass of key sanitization fix) golang
CVE-2026-42597 medium 5.9 5.9 14d ago Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme golang
CVE-2026-42593 medium 5.3 5.3 14d ago Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes golang
CVE-2026-42592 medium 5.3 5.3 14d ago Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes golang