CVE-2026-42595 documents a server-side request forgery (SSRF) vulnerability in Gotenberg, a Docker-powered stateless API for PDF generation. The vulnerability affects versions prior to 8.32.0 and was published on May 14, 2026, with a subsequent modification on May 18, 2026. The issue resides in the Chromium URL-to-PDF endpoint (`/forms/chromium/convert/url`), which by default lacks protection against HTTP/H [truncated]
Gotenberg versions prior to 8.32.0 contain a server-side request forgery (SSRF) vulnerability in the LibreOffice conversion endpoint. The `/forms/libreoffice/convert` endpoint accepts document uploads and passes them directly to LibreOffice without content inspection. LibreOffice then independently fetches any embedded external URLs, bypassing Gotenberg's SSRF filters entirely. This allows attackers to in [truncated]
Gotenberg versions prior to 8.31.0 contain a critical unauthenticated command injection vulnerability in the `/forms/pdfengines/metadata/write` endpoint. The flaw arises from insufficient validation of JSON metadata keys, which are passed directly to ExifTool via the go-exiftool library. An attacker can embed newline characters in JSON keys to split the ExifTool stdin stream, injecting arbitrary flags inclu [truncated]
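The root cause described above is that metadata keys reach a line-oriented argument stream unchecked. The following Go example, added here and not taken from Gotenberg or go-exiftool, shows the kind of input validation that closes that gap: it parses the submitted JSON object, rejects any key containing control characters or whitespace, rejects keys that begin with `-` (which ExifTool would read as an option), and also refuses line breaks in string values. The function names (`ValidateMetadataKey`, `ValidateMetadata`), the allow-listed character set, and the sample inputs are assumptions for illustration, not the project's own policy.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"unicode"
)

// ErrUnsafeMetadataKey is returned for any key that could break out of a
// line-oriented argument stream or be mistaken for an ExifTool option.
var ErrUnsafeMetadataKey = errors.New("unsafe metadata key")

// ValidateMetadataKey applies an allow-list: letters, digits, ':', '-' and '_'
// (covers tag names such as "XMP-dc:Title"), no leading '-', and no
// control or whitespace characters anywhere (this rejects '\n' and '\r').
// Hypothetical policy used for this example.
func ValidateMetadataKey(key string) error {
	if key == "" {
		return fmt.Errorf("%w: empty key", ErrUnsafeMetadataKey)
	}
	if strings.HasPrefix(key, "-") {
		return fmt.Errorf("%w: %q starts with '-'", ErrUnsafeMetadataKey, key)
	}
	for _, r := range key {
		switch {
		case unicode.IsControl(r), unicode.IsSpace(r):
			return fmt.Errorf("%w: %q contains a control or whitespace character", ErrUnsafeMetadataKey, key)
		case unicode.IsLetter(r), unicode.IsDigit(r), r == ':', r == '-', r == '_':
			// allowed
		default:
			return fmt.Errorf("%w: %q contains disallowed character %q", ErrUnsafeMetadataKey, key, r)
		}
	}
	return nil
}

// rejectLineBreaks refuses string values that could start a new line in the
// argument stream; other characters in values are left to ExifTool's own
// escaping, which is outside the scope of this example.
func rejectLineBreaks(value string) error {
	if strings.ContainsAny(value, "\r\n") {
		return errors.New("value contains a line break")
	}
	return nil
}

// ValidateMetadata decodes the request body as a JSON object and validates
// every key and every string value before anything is handed to ExifTool.
// Non-object bodies are rejected outright.
func ValidateMetadata(raw []byte) (map[string]interface{}, error) {
	var meta map[string]interface{}
	if err := json.Unmarshal(raw, &meta); err != nil {
		return nil, fmt.Errorf("metadata is not a JSON object: %w", err)
	}
	for k, v := range meta {
		if err := ValidateMetadataKey(k); err != nil {
			return nil, err
		}
		if s, ok := v.(string); ok {
			if err := rejectLineBreaks(s); err != nil {
				return nil, fmt.Errorf("value for key %q: %w", k, err)
			}
		}
	}
	return meta, nil
}

func main() {
	// Constructed sample bodies: one well-formed, one with a JSON-escaped
	// newline inside a key (the class of input the advisory describes).
	samples := [][]byte{
		[]byte(`{"Title":"Quarterly report","XMP-dc:Creator":"Alice"}`),
		[]byte(`{"Title\nSubject":"x"}`),
	}
	for _, body := range samples {
		if _, err := ValidateMetadata(body); err != nil {
			fmt.Printf("rejected %s: %v\n", body, err)
		} else {
			fmt.Printf("accepted %s\n", body)
		}
	}
}
```

Validation of this kind belongs at the request boundary, before the metadata map is serialised for the external tool; an allow-list on keys is simpler to reason about than trying to escape every character ExifTool might interpret.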