{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/gotenberg/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Gotenberg (8.29.1)"],"_cs_severities":["high"],"_cs_tags":["ssrf","gotenberg","cve-2026-39383"],"_cs_type":"advisory","_cs_vendors":["gotenberg"],"content_html":"\u003cp\u003eGotenberg version 8.29.1, as distributed in the default \u003ccode\u003egotenberg/gotenberg:8\u003c/code\u003e Docker image, contains an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. Discovered on April 4, 2026, this flaw allows an attacker with network access to the Gotenberg instance to specify an arbitrary URL via the \u003ccode\u003eGotenberg-Webhook-Url\u003c/code\u003e request header, forcing the server to make outbound HTTP POST requests. This is a blind SSRF vulnerability, where the attacker cannot directly read the response body, but can infer information based on the success or failure of the request. The vulnerability exists due to an insecure default in the \u003ccode\u003eFilterDeadline\u003c/code\u003e function, which, when unconfigured, permits all webhook URLs. The impact includes internal network probing, forced POST requests to internal services, and cloud metadata interaction.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Gotenberg instance exposed on the network (default port 3000).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts an HTTP POST request to the \u003ccode\u003e/forms/chromium/convert/url\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker includes the \u003ccode\u003eGotenberg-Webhook-Url\u003c/code\u003e header, setting it to an internal IP address and port (e.g., \u003ccode\u003ehttp://192.168.1.10:8080/\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker may also set the \u003ccode\u003eGotenberg-Webhook-Error-Url\u003c/code\u003e to an attacker-controlled server to monitor for request failures.\u003c/li\u003e\n\u003cli\u003eGotenberg\u0026rsquo;s \u003ccode\u003eFilterDeadline\u003c/code\u003e function fails to properly validate the supplied webhook URL due to an insecure default.\u003c/li\u003e\n\u003cli\u003eGotenberg makes an outbound HTTP POST request to the specified internal IP address and port using the retryablehttp client, potentially retrying the request up to 4 times.\u003c/li\u003e\n\u003cli\u003eIf the internal target responds with a 2xx status code, the attacker infers that the host and port are open and accepting POST requests. The error URL is NOT called.\u003c/li\u003e\n\u003cli\u003eIf the internal target responds with a 4xx/5xx status code, times out, or rejects the connection, the attacker receives a request at the \u003ccode\u003eGotenberg-Webhook-Error-Url\u003c/code\u003e endpoint, indicating the port is likely closed or the service is unavailable.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe SSRF vulnerability in Gotenberg 8.29.1 allows attackers to probe internal networks, potentially mapping out internal infrastructure by observing the success or failure of requests. Attackers can also force Gotenberg to send POST requests to internal services that perform actions upon receiving such requests, potentially triggering unintended behavior. Although the attacker cannot directly read response bodies, the ability to determine reachability and trigger actions makes this a significant security risk. The retry mechanism amplifies the probing effect, as each request generates up to 4 attempts.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the recommended configuration to either set \u003ccode\u003e--env GOTENBERG_API_WEBHOOK_ALLOW_LIST\u003c/code\u003e or \u003ccode\u003e--env GOTENBERG_API_WEBHOOK_DENY_LIST\u003c/code\u003e to restrict or block internal ranges to mitigate the SSRF vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to \u003ccode\u003e/forms/chromium/convert/url\u003c/code\u003e with the \u003ccode\u003eGotenberg-Webhook-Url\u003c/code\u003e header containing suspicious internal IP addresses or domains using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect suspicious outbound network connections originating from the Gotenberg process to internal IP ranges or cloud metadata endpoints.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-30T17:24:55Z","date_published":"2026-04-30T17:24:55Z","id":"/briefs/2026-05-gotenberg-ssrf/","summary":"Gotenberg version 8.29.1 is vulnerable to Server-Side Request Forgery (SSRF) due to an unfiltered webhook URL, allowing unauthenticated attackers to force outbound HTTP POST requests to arbitrary destinations, enabling internal network probing and interaction with internal services.","title":"Gotenberg Unauthenticated SSRF Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-gotenberg-ssrf/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["Gotenberg \u003c= 8.30.1"],"_cs_severities":["critical"],"_cs_tags":["argument-injection","vulnerability","container"],"_cs_type":"advisory","_cs_vendors":["Gotenberg"],"content_html":"\u003cp\u003eGotenberg, a Docker-based solution for converting various document formats to PDF, is vulnerable to an argument injection flaw affecting versions 8.30.1 and earlier. This vulnerability stems from insufficient sanitization of metadata values passed to the ExifTool during PDF processing. Specifically, the application fails to properly sanitize newline characters within metadata values. By exploiting this flaw, an unauthenticated attacker can inject arbitrary ExifTool pseudo-tags, such as \u003ccode\u003e-FileName\u003c/code\u003e, \u003ccode\u003e-Directory\u003c/code\u003e, \u003ccode\u003e-SymLink\u003c/code\u003e, and \u003ccode\u003e-HardLink\u003c/code\u003e, allowing for unauthorized file manipulation, including renaming, moving, overwriting, and creating symbolic or hard links to files within the container\u0026rsquo;s filesystem. The vulnerability is a bypass of an incomplete key sanitization fix introduced in version 8.30.1, highlighting the importance of thorough input validation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious PDF file or uses an existing PDF.\u003c/li\u003e\n\u003cli\u003eThe attacker injects a newline character followed by an ExifTool pseudo-tag (e.g., \u003ccode\u003e-FileName=/tmp/inject_proof\u003c/code\u003e) into a metadata value (e.g., the \u0026lsquo;Title\u0026rsquo; field).\u003c/li\u003e\n\u003cli\u003eThe attacker sends the PDF, along with the crafted metadata, to the Gotenberg \u003ccode\u003e/forms/pdfengines/metadata/write\u003c/code\u003e endpoint via a POST request.\u003c/li\u003e\n\u003cli\u003eGotenberg\u0026rsquo;s \u003ccode\u003eWriteMetadata\u003c/code\u003e function in \u003ccode\u003epkg/modules/exiftool/exiftool.go\u003c/code\u003e processes the metadata.\u003c/li\u003e\n\u003cli\u003eThe unsanitized metadata value is passed to \u003ccode\u003ego-exiftool\u003c/code\u003e\u0026rsquo;s \u003ccode\u003eSetString\u003c/code\u003e function.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ego-exiftool\u003c/code\u003e writes the key-value pair to ExifTool\u0026rsquo;s stdin using \u003ccode\u003efmt.Fprintln(e.stdin, \u0026quot;-\u0026quot;+k+\u0026quot;=\u0026quot;+str)\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe newline character splits the ExifTool stdin line into two separate arguments, injecting the attacker\u0026rsquo;s pseudo-tag.\u003c/li\u003e\n\u003cli\u003eExifTool executes the injected command (e.g., moving the PDF to \u003ccode\u003e/tmp/inject_proof\u003c/code\u003e).\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation allows an unauthenticated attacker to rename or move any PDF being processed to an arbitrary path within the container filesystem, which runs as root by default. This also enables overwriting arbitrary files (e.g., corrupting the \u003ccode\u003e/etc/passwd\u003c/code\u003e file), creating symlinks, and creating hard links. The container filesystem becomes fully exposed to arbitrary file manipulation.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply value sanitization parallel to the existing key check in \u003ccode\u003eWriteMetadata\u003c/code\u003e as described in the advisory.\u003c/li\u003e\n\u003cli\u003eImplement detection rules to identify attempts to exploit the vulnerability by monitoring for suspicious characters in HTTP requests to the \u003ccode\u003e/forms/pdfengines/metadata/write\u003c/code\u003e endpoint using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eMonitor for unexpected file modifications within the Gotenberg container, especially the creation or modification of symbolic links and hard links, using the \u003ccode\u003efile_event\u003c/code\u003e log source.\u003c/li\u003e\n\u003cli\u003eUpgrade to a patched version of Gotenberg that addresses this vulnerability to prevent exploitation (CVE-2026-40281).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"/briefs/2024-01-02-gotenberg-exiftool-injection/","summary":"Gotenberg version 8.30.1 and earlier is vulnerable to argument injection, where an unauthenticated attacker can inject arbitrary ExifTool pseudo-tags via newline characters in metadata values, leading to arbitrary file manipulation within the container filesystem.","title":"Gotenberg ExifTool Argument Injection via Metadata Values","url":"https://feed.craftedsignal.io/briefs/2024-01-02-gotenberg-exiftool-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Gotenberg","version":"https://jsonfeed.org/version/1.1"}