| CVE-2026-42595 |
high |
8.6 |
8.6 |
14d ago |
Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass |
|
| CVE-2026-42591 |
high |
8.2 |
8.2 |
14d ago |
Gotenberg has a Server-Side Request Forgery (SSRF) Issue |
|
| CVE-2026-42590 |
high |
8.2 |
8.2 |
14d ago |
Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist |
|
| CVE-2026-40893 |
high |
8.2 |
8.2 |
14d ago |
Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move |
|
| CVE-2026-42594 |
high |
7.5 |
7.5 |
14d ago |
Gotenberg has an unauthenticated denial of service via echo.Context pool reuse in webhook async goroutine |
|
| CVE-2026-40280 |
high |
7.5 |
7.5 |
23d ago |
Gotenberg has case-insensitive URL scheme that bypasses webhook and downloadFrom deny-list SSRF protection |
|
| CVE-2026-39383 |
high |
7.2 |
7.2 |
23d ago |
Gotenberg Vulnerable to Unauthenticated SSRF via Unfiltered Webhook URL |
|