Permalink
CVE-2026-55229
7.5 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
Activity log
- Created suggestion
Gotenberg: SSRF via LibreOffice document processing
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTP(S) resources and local file resources during document conversion, enabling blind SSRF and limited local file disclosure via linked image resource loading. This issue is fixed in version 8.34.0.
References
-
https://github.com/gotenberg/gotenberg/security/advisories/GHSA-2mrg-35hw-x3x9 x_refsource_CONFIRM
-
https://github.com/gotenberg/gotenberg/releases/tag/v8.34.0 x_refsource_MISC
Affected products
gotenberg
- ==< 8.34.0
Matching in nixpkgs
pkgs.gotenberg
Converts numerous document formats into PDF files
pkgs.python313Packages.gotenberg-client
Python client for interfacing with the Gotenberg API
Package maintainers
-
@MiniHarinn Harinn <prinn.dev@pm.me>
-
@leona-ya Leona Maroni <nix@leona.is>