Apr 8, 2026·5 min read·21 visits
An unauthenticated arbitrary file write vulnerability in Gotenberg stems from a case-sensitive blocklist bypass. Attackers leverage ExifTool's case-insensitive pseudo-tags to manipulate server files, compromising system integrity.
Gotenberg version 8.29.0 contains an incomplete fix for an arbitrary file write vulnerability within its ExifTool metadata update process. The initial patch implemented a case-sensitive blocklist that attackers can bypass using alternate casing or previously unblocked pseudo-tags, leading to arbitrary file writes, renames, and hard or symbolic link creation.
Gotenberg provides an unauthenticated application programming interface (API) for PDF conversion and manipulation. The /forms/pdfengines/metadata/write endpoint allows clients to modify the metadata of uploaded PDF files. The backend processes these requests by passing the user-supplied metadata map directly to ExifTool via standard input (stdin).
ExifTool supports special operational directives known as "Extra Tags" or pseudo-tags. These tags, such as FileName, Directory, HardLink, and SymLink, dictate ExifTool's filesystem behavior rather than altering the document's metadata. Passing arbitrary values to these tags allows an attacker to execute file moves, renames, and link creation operations on the host filesystem.
Gotenberg version 8.29.0 attempted to mitigate this arbitrary file write risk by implementing a metadata blocklist. The application explicitly deleted the FileName and Directory keys from the user-controlled map. This mitigation was fundamentally flawed due to a case sensitivity mismatch between Go's map implementation and ExifTool's parsing engine.
The vulnerability stems from improper handling of case sensitivity (CWE-178) between the validation layer and the execution layer. The mitigation introduced in version 8.29.0 relied on Go's delete() function, which executes a strict, case-sensitive lookup against the map keys. The blocklist specifically targeted the exact strings "FileName" and "Directory".
ExifTool normalizes tag inputs and processes them case-insensitively. An attacker submitting a JSON payload with the key "filename" bypasses the case-sensitive Go blocklist, as "filename" does not equal "FileName". The validation logic leaves the malicious key intact, passing it directly to ExifTool.
Upon receiving the "filename" tag, ExifTool internally maps it to the FileName operational directive. This triggers the specified filesystem operation, effectively executing the arbitrary file write. Furthermore, the original blocklist implementation omitted the HardLink and SymLink pseudo-tags entirely, leaving those operations fully exposed regardless of case manipulation.
The vulnerable code in commit 043b158 defined a slice of dangerous tags and iterated over it to sanitize the incoming map. The implementation utilized delete(metadata, tag), which failed to account for variations in casing.
// Vulnerable Implementation (v8.29.0)
dangerousTags := []string{
"FileName",
"Directory",
}
for _, tag := range dangerousTags {
delete(metadata, tag) // Case-sensitive deletion bypass
}The patch implemented in version 8.30.0 (commit 15050a311b73d76d8b9223bafe7fa7ba71240011) fundamentally altered the validation loop. The fixed logic iterates over every key provided in the user metadata payload and executes a case-insensitive comparison against the blocklist using strings.EqualFold().
// Patched Implementation (v8.30.0)
dangerousTags := []string{
"FileName",
"Directory",
"HardLink",
"SymLink",
}
for key := range metadata {
for _, tag := range dangerousTags {
if strings.EqualFold(key, tag) {
delete(metadata, key)
}
}
}Exploitation requires direct network communication with the Gotenberg API. The attacker constructs an HTTP POST request to the /forms/pdfengines/metadata/write endpoint. The request must contain a valid PDF file and a JSON string defining the malicious metadata manipulation.
To trigger an arbitrary file write via renaming or moving, the attacker submits a payload utilizing the lowercased pseudo-tag. The following curl command demonstrates writing a file to /tmp/evil_bypass.pdf. The Gotenberg validation layer ignores the filename key, while ExifTool honors the directive.
curl -X POST http://localhost:3000/forms/pdfengines/metadata/write \
-F files=@sample.pdf \
-F 'metadata={"filename": "/tmp/evil_bypass.pdf"}'To execute hard link or symbolic link creation, the attacker utilizes the previously unblocked tags. A payload containing {"HardLink": "/tmp/hardlink_bypass.pdf"} successfully forces the underlying ExifTool process to generate a hard link to the provided PDF file at the specified system location.
The vulnerability facilitates severe impacts on system integrity and availability. An unauthenticated attacker possesses the capability to move or overwrite critical system files accessible by the Gotenberg process. This directly leads to localized denial-of-service conditions or corruption of persistent storage volumes.
While the exploit does not immediately yield direct read access to arbitrary files, the SymLink primitive introduces secondary attack vectors. Attackers can generate symbolic links pointing to sensitive host files. If subsequent application logic or secondary API endpoints serve or process these linked files, the flaw cascades into an information disclosure vulnerability.
Researchers emphasize that the version 8.30.0 patch addresses the immediate vectors but leaves theoretical avenues open. ExifTool supports group prefixes, permitting tag definitions such as File:FileName. The current strings.EqualFold() implementation compares the entire key verbatim. A prefixed key bypasses the strict string equality check, potentially allowing the payload to reach ExifTool if the backend does not subsequently restrict namespace prefixes.
System administrators must update Gotenberg installations to version 8.30.0 immediately. The patched release effectively sanitizes case variations of known dangerous pseudo-tags and incorporates the HardLink and SymLink directives into the restricted operations list.
Gotenberg lacks built-in authentication mechanisms and is engineered strictly for isolated, internal deployment. Organizations must enforce robust network segmentation, ensuring the API is never exposed to untrusted external networks. Access should be mediated through reverse proxies enforcing strict authentication and authorization policies.
Security operations teams should deploy strict input validation on upstream web application firewalls (WAF). Monitoring mechanisms must inspect HTTP POST payloads targeting the metadata endpoint for structural anomalies. Any payload containing case variations of ExifTool pseudo-tags must generate high-priority security alerts and trigger automated blocking responses.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N| Product | Affected Versions | Fixed Version |
|---|---|---|
Gotenberg Gotenberg | >= 8.29.0, < 8.30.0 | 8.30.0 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-178 |
| CVSS Score | 8.7 |
| Attack Vector | Network |
| Authentication Required | None |
| Privileges Required | None |
| Exploit Status | Proof-of-Concept |
| Impact | Arbitrary File Write / System Integrity Compromise |
The software does not properly handle data that can have multiple cases.
An access control deficiency in the 9Router dashboard allows unauthenticated remote attackers to perform full CRUD operations on integrated AI providers, extract plaintext API keys, and access complete system conversation histories.
A DOM-based cross-site scripting (XSS) vulnerability exists in Craft CMS versions 4.0.0-RC1 through 4.17.15 and 5.0.0-RC1 through 5.9.22. The flaw resides within the CraftSupport widget's feedback search component, which fails to neutralize GitHub issue titles before rendering them into the administrator's control panel. An unauthenticated attacker can exploit this vulnerability by submitting a crafted issue to the public Craft CMS repository on GitHub.
CVE-2026-55793 is a DOM-based Stored Cross-Site Scripting (XSS) vulnerability affecting Craft CMS versions 5.0.0-RC1 through 5.9.22. An authenticated user with minimum Author privileges can store a malicious payload in an entry's title. When an administrator or high-privileged user performs a drag-and-drop operation under the modified entry in the structure table view, the unescaped payload is retrieved and concatenated into raw HTML, resulting in arbitrary JavaScript execution within the context of the administrative session.
Craft CMS versions 5.9.0 through 5.9.9 are vulnerable to authenticated Remote Code Execution (RCE). An attacker with control panel permissions to edit entries can inject malicious Twig templates into the client-side HTTP Referer header. During the post-save redirect sequence, the server evaluates this user-controlled header using an unsandboxed Twig rendering function, leading to arbitrary system command execution.
An authenticated SQL injection vulnerability exists in the datapoint crosstab export functionality of OpenRemote. The vulnerability is caused by insecure manual SQL string construction that concatenates user-controlled display data, specifically asset display names and attribute names, directly into raw SQL statements. These statements are processed by the PostgreSQL database engine using the crosstab function to structure dynamic CSV outputs.
An insecure redirect vulnerability in Coder allows an authenticated attacker who controls a workspace agent to perform unauthorized cross-agent file operations and achieve remote code execution in other workspaces. By exploiting default redirect-following behavior in the control-plane's HTTP client, a malicious agent can redirect legitimate requests to a victim's deterministic tailnet IP address.