CVE-2026-42590 - Vulnerability Analysis
HighCVSS: 8.2Last Updated: May 14, 2026
Gotenberg - File Manipulation
Overview
Gotenberg < 8.30.0 contains a file rename, move, hardlink, and symlink creation vulnerability caused by bypassing ExifTool metadata write blocklist using group-prefix syntax, letting attackers manipulate files on the server, exploit requires crafted metadata input.
Severity & Score
Impact
Attackers can rename, move, or create links to arbitrary files on the server, potentially leading to file system manipulation and privilege escalation.
Mitigation
Update to version 8.30.0 or later.
Social Media Activity(2 posts)
š CVE-2026-42590 - High (8.2) Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creati... š https://www.thehackerwire.com/vulnerability/CVE-2026-42590/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š CVE-2026-42590 - High (8.2) Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creati... š https://www.thehackerwire.com/vulnerability/CVE-2026-42590/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-42590
- Severity
- High
- CVSS Score
- 8.2
- Type
- undefined
- Status
- unconfirmed
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-184
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L