{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/gotenberg--8.10.0--8.32.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Gotenberg (\u003e= 8.10.0, \u003c= 8.32.0)"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","race-condition","webserver"],"_cs_type":"advisory","_cs_vendors":["Gotenberg"],"content_html":"\u003cp\u003eGotenberg versions 8.10.0 through 8.32.0 are susceptible to a remote denial-of-service (DoS) vulnerability due to a race condition in how it handles multipart requests with multiple \u003ccode\u003edownloadFrom\u003c/code\u003e entries. This vulnerability arises because the \u003ccode\u003enewContext\u003c/code\u003e function, responsible for parsing multipart requests, initiates concurrent goroutines for each \u003ccode\u003edownloadFrom\u003c/code\u003e entry. These goroutines then attempt to write to shared maps without proper synchronization, leading to a fatal runtime crash due to concurrent map writes. The vulnerable \u003ccode\u003edownloadFrom\u003c/code\u003e feature was introduced in commit \u003ccode\u003ef2b6bd3d\u003c/code\u003e. In the default Gotenberg configuration, the \u003ccode\u003edownloadFrom\u003c/code\u003e feature is enabled, and authentication is disabled, making exposed instances vulnerable to unauthenticated remote attackers.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker sends a crafted HTTP POST request to a Gotenberg multipart conversion endpoint.\u003c/li\u003e\n\u003cli\u003eThe request includes a \u003ccode\u003eContent-Type\u003c/code\u003e header set to \u003ccode\u003emultipart/form-data\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe request contains a \u003ccode\u003edownloadFrom\u003c/code\u003e field with a JSON payload consisting of multiple URLs.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003enewContext\u003c/code\u003e function parses the multipart request and extracts the \u003ccode\u003edownloadFrom\u003c/code\u003e field.\u003c/li\u003e\n\u003cli\u003eFor each URL in the \u003ccode\u003edownloadFrom\u003c/code\u003e payload, a new goroutine is spawned using \u003ccode\u003eerrgroup.Go()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEach goroutine attempts to download the file from the specified URL.\u003c/li\u003e\n\u003cli\u003eAfter downloading (or failing to download), each goroutine attempts to write to shared maps (\u003ccode\u003ectx.files\u003c/code\u003e, \u003ccode\u003ectx.diskToOriginal\u003c/code\u003e, \u003ccode\u003ectx.filesByField\u003c/code\u003e) within the request context.\u003c/li\u003e\n\u003cli\u003eDue to the lack of synchronization mechanisms, concurrent writes to these maps occur, resulting in a runtime crash (fatal error: concurrent map writes), causing a denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability leads to a denial-of-service (DoS) condition. Any Gotenberg deployment that exposes multipart conversion endpoints with the \u003ccode\u003edownloadFrom\u003c/code\u003e feature enabled is potentially vulnerable. The default configuration, where \u003ccode\u003edownloadFrom\u003c/code\u003e is enabled and authentication is disabled, makes internet-exposed deployments susceptible to unauthenticated process termination. This vulnerability directly impacts the availability of the Gotenberg service but does not compromise confidentiality or integrity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Gotenberg version 8.33.0 or later, which contains the fix for CVE-2026-45742.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately feasible, disable the \u003ccode\u003edownloadFrom\u003c/code\u003e feature in Gotenberg\u0026rsquo;s configuration to mitigate the vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to multipart conversion endpoints containing a large number of \u003ccode\u003edownloadFrom\u003c/code\u003e parameters, which could indicate an attempted exploitation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T16:57:25Z","date_published":"2026-05-29T16:57:25Z","id":"https://feed.craftedsignal.io/briefs/2026-05-gotenberg-dos/","summary":"Gotenberg is vulnerable to a remote denial-of-service (DoS) in multipart `downloadFrom` handling, where a crafted multipart request with multiple `downloadFrom` entries causes concurrent goroutines to write to shared maps without synchronization, leading to process termination.","title":"Gotenberg Denial-of-Service Vulnerability via Multipart downloadFrom Handling","url":"https://feed.craftedsignal.io/briefs/2026-05-gotenberg-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Gotenberg (\u003e= 8.10.0, \u003c= 8.32.0)","version":"https://jsonfeed.org/version/1.1"}