Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names...

8.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Description

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files. This vulnerability is fixed in 8.31.0.

Basic Information

ID CVE-2026-40893

Source GitHub_M

Published May 14, 2026 at 15:18

Affected Product

Vendor gotenberg

Product gotenberg

Version < 8.31.0

Affected Versions gotenberg gotenberg < 8.31.0

CWE Classification

CWE-73 CWE-184

References

github.com /gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4

{
    "lastseen": "",
    "description": "Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files. This vulnerability is fixed in 8.31.0.",
    "published": "2026-05-14T15:18:27.758Z",
    "modified": "2026-05-14T15:18:27.758Z",
    "type": "cve",
    "title": "Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move",
    "source": "GitHub_M",
    "references": "https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4",
    "id": "CVE-2026-40893",
    "bulletinFamily": "",
    "cwe": [
        "CWE-73",
        "CWE-184"
    ],
    "cvelist": null,
    "sourceData": "gotenberg gotenberg < 8.31.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "gotenberg",
    "version": "< 8.31.0",
    "vendor": "gotenberg",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move_CVE-2026-40893