Package impact
Go / github.com/gotenberg/gotenberg/v8
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-42597 | medium | 5.9 | 5.9 | 14d ago | Gotenberg allows Chromium URL conversion routes to read arbitrary files under /tmp via file:// scheme | |
| CVE-2026-42593 | medium | 5.3 | 5.3 | 14d ago | Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes | |
| CVE-2026-42592 | medium | 5.3 | 5.3 | 14d ago | Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes |