Tag

Exiftool

1 brief RSS

Gotenberg ExifTool Tag Blocklist Bypass via Group-Prefixed Tag Names

Gotenberg is vulnerable to an ExifTool tag blocklist bypass, allowing unauthenticated attackers to rename, move, and modify permissions of files within the container by using group-prefixed tag names like 'System:FileName' or the 'FilePermissions' tag in HTTP requests.

gotenberg/gotenberg/v8 exiftool file-manipulation cve-2026-40893

2r 1t 3h ago