CVE-2026-42589 Scanner

CVE-2026-42589 Scanner - Command Injection vulnerability in Gotenberg

Short Info


Level

Critical

Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 seconds

Time Interval

17 days 5 hours

Scan only one

Domain, Subdomain, IPv4

Toolbox

Gotenberg is an open-source document conversion server: it wraps popular document libraries behind a simple HTTP API so that clients can convert, merge, and otherwise manipulate documents, most commonly to produce PDFs. Developers and enterprises run it on cloud infrastructure or inside private networks as a shared service for document workflows, and its API and extension points let teams tailor conversion pipelines to their own requirements. In organizations where document conversion sits on a critical path, Gotenberg is therefore a high-value piece of infrastructure.

The command injection vulnerability in Gotenberg stems from insufficient validation of the keys of the JSON object supplied in the metadata field of requests to the /forms/pdfengines/metadata/write endpoint. Because those keys reach OS command processing without being checked against an expected format, an attacker can choose key names that are interpreted as command input rather than as metadata. No authentication is required to reach the endpoint, so any attacker who can send HTTP requests to the Gotenberg service can craft a request that results in arbitrary command execution on the server. Given that outcome, the issue is rated critical and warrants immediate patching.

Technically, the issue lies in how Gotenberg handles the metadata submitted alongside a PDF for the metadata write operation. The endpoint expects an HTTP POST request carrying the PDF and a metadata field whose value is a JSON object; the object's keys are taken over without distinguishing legitimate metadata names from strings that carry command syntax. An attacker therefore sends a POST request whose metadata JSON contains a crafted key, and the server processes that key in the course of writing the metadata, executing the embedded command with the privileges of the Gotenberg process. Enforcing an allow-list for metadata key names and never routing them through a shell are the controls that keep processing within the intended application logic.
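The following Go example is added here to illustrate the class of flaw described above and its fix; it is not Gotenberg's code and does not reproduce the vulnerable code path. It models a handler that turns the keys of the metadata JSON into options for a hypothetical command-line tool named metadata-tool (the tool name, the -Key=Value option syntax and the allow-list regular expression are all assumptions made for the example). UnsafeShellLine shows keys spliced into a single shell command string, where a key such as `Title; id` changes the command rather than the metadata; SafeArgs and SafeCommand show the hardened form, which rejects any key outside the allow-list and passes each option as its own argv element with no shell involved.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os/exec"
	"regexp"
	"sort"
	"strings"
)

// metadataKeyRe is a hypothetical allow-list for metadata keys: a plain
// identifier that can never start with "-" or contain shell metacharacters.
var metadataKeyRe = regexp.MustCompile(`^[A-Za-z][A-Za-z0-9]{0,63}$`)

// ParseMetadata decodes the JSON "metadata" form field. It performs no key
// check on purpose, so both the unsafe and the safe paths below start from
// the same parsed object.
func ParseMetadata(raw string) (map[string]any, error) {
	var meta map[string]any
	if err := json.Unmarshal([]byte(raw), &meta); err != nil {
		return nil, fmt.Errorf("metadata is not a JSON object: %w", err)
	}
	return meta, nil
}

// sortedKeys gives a deterministic argument order.
func sortedKeys(meta map[string]any) []string {
	keys := make([]string, 0, len(meta))
	for k := range meta {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

// UnsafeShellLine is the vulnerable pattern: keys and values are spliced
// into one string that would be handed to "sh -c". A key such as
// "Title; id" or "$(id)" becomes part of the command, not of the metadata.
func UnsafeShellLine(meta map[string]any, pdf string) string {
	var sb strings.Builder
	sb.WriteString("metadata-tool") // hypothetical tool name
	for _, k := range sortedKeys(meta) {
		fmt.Fprintf(&sb, " -%s=%v", k, meta[k])
	}
	sb.WriteString(" " + pdf)
	return sb.String()
}

// SafeArgs is the hardened form: every key must match the allow-list, and
// each "-Key=Value" pair is one argv element, so no shell ever parses it.
func SafeArgs(meta map[string]any, pdf string) ([]string, error) {
	args := make([]string, 0, len(meta)+1)
	for _, k := range sortedKeys(meta) {
		if !metadataKeyRe.MatchString(k) {
			return nil, fmt.Errorf("rejected metadata key %q", k)
		}
		args = append(args, fmt.Sprintf("-%s=%v", k, meta[k]))
	}
	return append(args, pdf), nil
}

// SafeCommand wires SafeArgs into exec.Command: argv goes straight to the
// hypothetical metadata-tool binary, with no "sh -c" in between.
func SafeCommand(meta map[string]any, pdf string) (*exec.Cmd, error) {
	args, err := SafeArgs(meta, pdf)
	if err != nil {
		return nil, err
	}
	return exec.Command("metadata-tool", args...), nil
}

func main() {
	// Constructed sample requests: one benign, one carrying a hostile key.
	benign := `{"Title":"Quarterly report","Author":"Ops"}`
	hostile := `{"Title; id":"x"}`
	for _, raw := range []string{benign, hostile} {
		meta, err := ParseMetadata(raw)
		if err != nil {
			fmt.Println("parse error:", err)
			continue
		}
		fmt.Println("unsafe:", UnsafeShellLine(meta, "in.pdf"))
		if args, err := SafeArgs(meta, "in.pdf"); err != nil {
			fmt.Println("safe:  ", err)
		} else {
			fmt.Println("safe:  ", args)
		}
	}
}
```

The allow-list is deliberately strict: rejecting unknown key shapes is cheaper and safer than trying to escape them, and passing argv directly to the binary removes the shell from the picture even if a value still contains metacharacters.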

Successful exploitation gives the attacker arbitrary OS command execution on the host, in the context of the Gotenberg process. From there they can read or alter the documents and data the server handles, disrupt or sabotage the conversion service, plant persistence such as a backdoor, and use the host as a foothold to reach other systems on the same network. Because the instance typically sits inside a private network or cloud environment and receives documents from other services, a compromised server also exposes whatever those services send it. Upgrading to a fixed version and validating metadata input on the server are the necessary defensive measures.
