CVE-2026-42589 | Gotenberg up to 8.30.x HTTP Endpoint write os command injection (GHSA-rqgh-gxv4-6657)

A vulnerability, which was classified as critical, was found in Gotenberg up to 8.30.x. Impacted is an unknown function of the file /forms/pdfengines/metadata/write of the component HTTP Endpoint. The manipulation results in os command injection.

This vulnerability was named CVE-2026-42589. The attack may be performed from remote. There is no available exploit.

You should upgrade the affected component.VulDB Recent EntriesRead More