CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



GHSA-QMWH-9M9C-H36M

GHSA-QMWH-9M9C-H36M: Arbitrary File Write and Blocklist Bypass in Gotenberg ExifTool Integration

Alon Barad
Alon Barad
Software Engineer

Apr 8, 2026·5 min read·21 visits

Executive Summary (TL;DR)

An unauthenticated arbitrary file write vulnerability in Gotenberg stems from a case-sensitive blocklist bypass. Attackers leverage ExifTool's case-insensitive pseudo-tags to manipulate server files, compromising system integrity.

Gotenberg version 8.29.0 contains an incomplete fix for an arbitrary file write vulnerability within its ExifTool metadata update process. The initial patch implemented a case-sensitive blocklist that attackers can bypass using alternate casing or previously unblocked pseudo-tags, leading to arbitrary file writes, renames, and hard or symbolic link creation.

Vulnerability Overview

Gotenberg provides an unauthenticated application programming interface (API) for PDF conversion and manipulation. The /forms/pdfengines/metadata/write endpoint allows clients to modify the metadata of uploaded PDF files. The backend processes these requests by passing the user-supplied metadata map directly to ExifTool via standard input (stdin).

ExifTool supports special operational directives known as "Extra Tags" or pseudo-tags. These tags, such as FileName, Directory, HardLink, and SymLink, dictate ExifTool's filesystem behavior rather than altering the document's metadata. Passing arbitrary values to these tags allows an attacker to execute file moves, renames, and link creation operations on the host filesystem.

Gotenberg version 8.29.0 attempted to mitigate this arbitrary file write risk by implementing a metadata blocklist. The application explicitly deleted the FileName and Directory keys from the user-controlled map. This mitigation was fundamentally flawed due to a case sensitivity mismatch between Go's map implementation and ExifTool's parsing engine.

Root Cause Analysis

The vulnerability stems from improper handling of case sensitivity (CWE-178) between the validation layer and the execution layer. The mitigation introduced in version 8.29.0 relied on Go's delete() function, which executes a strict, case-sensitive lookup against the map keys. The blocklist specifically targeted the exact strings "FileName" and "Directory".

ExifTool normalizes tag inputs and processes them case-insensitively. An attacker submitting a JSON payload with the key "filename" bypasses the case-sensitive Go blocklist, as "filename" does not equal "FileName". The validation logic leaves the malicious key intact, passing it directly to ExifTool.

Upon receiving the "filename" tag, ExifTool internally maps it to the FileName operational directive. This triggers the specified filesystem operation, effectively executing the arbitrary file write. Furthermore, the original blocklist implementation omitted the HardLink and SymLink pseudo-tags entirely, leaving those operations fully exposed regardless of case manipulation.

Code Analysis and Patch Walkthrough

The vulnerable code in commit 043b158 defined a slice of dangerous tags and iterated over it to sanitize the incoming map. The implementation utilized delete(metadata, tag), which failed to account for variations in casing.

// Vulnerable Implementation (v8.29.0)
dangerousTags := []string{
    "FileName",
    "Directory",
}
for _, tag := range dangerousTags {
    delete(metadata, tag) // Case-sensitive deletion bypass
}

The patch implemented in version 8.30.0 (commit 15050a311b73d76d8b9223bafe7fa7ba71240011) fundamentally altered the validation loop. The fixed logic iterates over every key provided in the user metadata payload and executes a case-insensitive comparison against the blocklist using strings.EqualFold().

// Patched Implementation (v8.30.0)
dangerousTags := []string{
    "FileName",
    "Directory",
    "HardLink",
    "SymLink",
}
for key := range metadata {
    for _, tag := range dangerousTags {
        if strings.EqualFold(key, tag) {
            delete(metadata, key)
        }
    }
}

Exploitation Methodology

Exploitation requires direct network communication with the Gotenberg API. The attacker constructs an HTTP POST request to the /forms/pdfengines/metadata/write endpoint. The request must contain a valid PDF file and a JSON string defining the malicious metadata manipulation.

To trigger an arbitrary file write via renaming or moving, the attacker submits a payload utilizing the lowercased pseudo-tag. The following curl command demonstrates writing a file to /tmp/evil_bypass.pdf. The Gotenberg validation layer ignores the filename key, while ExifTool honors the directive.

curl -X POST http://localhost:3000/forms/pdfengines/metadata/write \
  -F files=@sample.pdf \
  -F 'metadata={"filename": "/tmp/evil_bypass.pdf"}'

To execute hard link or symbolic link creation, the attacker utilizes the previously unblocked tags. A payload containing {"HardLink": "/tmp/hardlink_bypass.pdf"} successfully forces the underlying ExifTool process to generate a hard link to the provided PDF file at the specified system location.

Impact and Variant Analysis

The vulnerability facilitates severe impacts on system integrity and availability. An unauthenticated attacker possesses the capability to move or overwrite critical system files accessible by the Gotenberg process. This directly leads to localized denial-of-service conditions or corruption of persistent storage volumes.

While the exploit does not immediately yield direct read access to arbitrary files, the SymLink primitive introduces secondary attack vectors. Attackers can generate symbolic links pointing to sensitive host files. If subsequent application logic or secondary API endpoints serve or process these linked files, the flaw cascades into an information disclosure vulnerability.

Researchers emphasize that the version 8.30.0 patch addresses the immediate vectors but leaves theoretical avenues open. ExifTool supports group prefixes, permitting tag definitions such as File:FileName. The current strings.EqualFold() implementation compares the entire key verbatim. A prefixed key bypasses the strict string equality check, potentially allowing the payload to reach ExifTool if the backend does not subsequently restrict namespace prefixes.

Remediation and Mitigation

System administrators must update Gotenberg installations to version 8.30.0 immediately. The patched release effectively sanitizes case variations of known dangerous pseudo-tags and incorporates the HardLink and SymLink directives into the restricted operations list.

Gotenberg lacks built-in authentication mechanisms and is engineered strictly for isolated, internal deployment. Organizations must enforce robust network segmentation, ensuring the API is never exposed to untrusted external networks. Access should be mediated through reverse proxies enforcing strict authentication and authorization policies.

Security operations teams should deploy strict input validation on upstream web application firewalls (WAF). Monitoring mechanisms must inspect HTTP POST payloads targeting the metadata endpoint for structural anomalies. Any payload containing case variations of ExifTool pseudo-tags must generate high-priority security alerts and trigger automated blocking responses.

Official Patches

GotenbergImplementation of case-insensitive blocklist evaluation via strings.EqualFold

Fix Analysis (1)

Technical Appendix

CVSS Score
8.7/ 10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Systems

Gotenberg v8.29.0ExifTool metadata processing pipeline

Affected Versions Detail

Product
Affected Versions
Fixed Version
Gotenberg
Gotenberg
>= 8.29.0, < 8.30.08.30.0
AttributeDetail
CWE IDCWE-178
CVSS Score8.7
Attack VectorNetwork
Authentication RequiredNone
Privileges RequiredNone
Exploit StatusProof-of-Concept
ImpactArbitrary File Write / System Integrity Compromise

MITRE ATT&CK Mapping

T1190Exploit Public-Facing Application
Initial Access
T1070Indicator Removal
Defense Evasion
CWE-178
Improper Handling of Case Sensitivity

The software does not properly handle data that can have multiple cases.

Known Exploits & Detection

Official AdvisoryProof-of-concept curl commands demonstrating the case-sensitive bypass and missing pseudo-tags.

References & Sources

  • [1]Official GitHub Security Advisory
  • [2]Gotenberg v8.30.0 Fix Commit
  • [3]ExifTool Extra Tags Documentation

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•about 5 hours ago•GHSA-VJC7-JRH9-9J86
10.0

Unauthenticated CRUD and Sensitive Data Exposure in 9Router API Endpoints

An access control deficiency in the 9Router dashboard allows unauthenticated remote attackers to perform full CRUD operations on integrated AI providers, extract plaintext API keys, and access complete system conversation histories.

Amit Schendel
Amit Schendel
6 views•5 min read
•about 5 hours ago•CVE-2026-55790
7.4

CVE-2026-55790: DOM-Based Cross-Site Scripting in Craft CMS Support Widget

A DOM-based cross-site scripting (XSS) vulnerability exists in Craft CMS versions 4.0.0-RC1 through 4.17.15 and 5.0.0-RC1 through 5.9.22. The flaw resides within the CraftSupport widget's feedback search component, which fails to neutralize GitHub issue titles before rendering them into the administrator's control panel. An unauthenticated attacker can exploit this vulnerability by submitting a crafted issue to the public Craft CMS repository on GitHub.

Alon Barad
Alon Barad
6 views•7 min read
•about 6 hours ago•CVE-2026-55793
5.9

CVE-2026-55793: Stored DOM-Based Cross-Site Scripting in Craft CMS ElementTableSorter

CVE-2026-55793 is a DOM-based Stored Cross-Site Scripting (XSS) vulnerability affecting Craft CMS versions 5.0.0-RC1 through 5.9.22. An authenticated user with minimum Author privileges can store a malicious payload in an entry's title. When an administrator or high-privileged user performs a drag-and-drop operation under the modified entry in the structure table view, the unescaped payload is retrieved and concatenated into raw HTML, resulting in arbitrary JavaScript execution within the context of the administrative session.

Alon Barad
Alon Barad
5 views•8 min read
•about 6 hours ago•CVE-2026-55794
8.7

CVE-2026-55794: Authenticated Remote Code Execution via Template Injection in Craft CMS

Craft CMS versions 5.9.0 through 5.9.9 are vulnerable to authenticated Remote Code Execution (RCE). An attacker with control panel permissions to edit entries can inject malicious Twig templates into the client-side HTTP Referer header. During the post-save redirect sequence, the server evaluates this user-controlled header using an unsandboxed Twig rendering function, leading to arbitrary system command execution.

Amit Schendel
Amit Schendel
5 views•6 min read
•about 7 hours ago•GHSA-CGFV-JRFP-2R7V
8.5

GHSA-cgfv-jrfp-2r7v: Authenticated SQL Injection in OpenRemote Datapoint Crosstab Export

An authenticated SQL injection vulnerability exists in the datapoint crosstab export functionality of OpenRemote. The vulnerability is caused by insecure manual SQL string construction that concatenates user-controlled display data, specifically asset display names and attribute names, directly into raw SQL statements. These statements are processed by the PostgreSQL database engine using the crosstab function to structure dynamic CSV outputs.

Amit Schendel
Amit Schendel
4 views•5 min read
•about 7 hours ago•GHSA-QRWJ-VH9X-GW5V
8.0

GHSA-QRWJ-VH9X-GW5V: Cross-Agent Server-Side Request Forgery and Remote Code Execution in Coder Workspace Agent

An insecure redirect vulnerability in Coder allows an authenticated attacker who controls a workspace agent to perform unauthorized cross-agent file operations and achieve remote code execution in other workspaces. By exploiting default redirect-following behavior in the control-plane's HTTP client, a malicious agent can redirect legitimate requests to a victim's deterministic tailnet IP address.

Amit Schendel
Amit Schendel
5 views•5 min read