CVE-2026-42595 - Vulnerability Analysis
High | CVSS: 8.6 | Last Updated: May 14, 2026
Gotenberg - Server Side Request Forgery
Overview
Gotenberg < 8.32.0 contains a server-side request forgery (SSRF) vulnerability caused by insufficient deny-list validation and redirect handling in the Chromium URL-to-PDF endpoint. It lets unauthenticated attackers access internal network resources; exploitation requires no authentication.
Impact
Unauthenticated attackers can access internal network resources and cloud metadata, potentially exposing sensitive information.
Mitigation
Update to version 8.32.0 or later.
Social Media Activity (2 posts)
CVE-2026-42595 - High (8.6) Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint (/forms/chromium/convert/url) has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks fil... https://www.thehackerwire.com/vulnerability/CVE-2026-42595/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-42595
- Severity: High
- CVSS Score: 8.6
- Type: server_side_request_forgery
- Status: unconfirmed
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-918
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N