CVE-2026-46643 | KnpLabs snappy up to 1.7.0 on POSIX Configuration /usr/bin/wkhtmltopdf is_executable command os command injection (GHSA-vpr4-p6fq-85jc)

A vulnerability was found in KnpLabs snappy up to 1.7.0 on POSIX. It has been rated as critical. This affects the function is_executable of the file /usr/bin/wkhtmltopdf of the component Configuration Handler. Performing a manipulation of the argument command results in os command injection.

This vulnerability is identified as CVE-2026-46643. The attack is only possible with local access. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More