HIGH
Thecodingmachine
CVE published 2026-05-14
CVE-2026-42590
CVE-2026-42590 affects Gotenberg before 8.30.0. A metadata-write blocklist in the ExifTool integration can be bypassed using ExifTool group-prefix syntax, and some pseudo-tags were not blocked at all. The result is unauthorized file manipulation on the server, with integrity impact and limited availability impact.