Blind SSRF and Local File Disclosure Vulnerability in Gotenberg by StatsRoy
CVE-2026-55229
7.5HIGH
What is CVE-2026-55229?
Gotenberg, a Docker-based API designed for PDF document processing, incorporates a critical vulnerability in versions prior to 8.34.0. This flaw exists in the /forms/libreoffice/convert endpoint, allowing attackers to craft malicious documents that trigger external HTTP(S) requests and access local file resources during the document conversion process. This could lead to unauthorized resource retrieval and limited local file disclosure, posing significant security risks. Users are advised to update to version 8.34.0 or later to mitigate these vulnerabilities.
Affected Version(s)
gotenberg < 8.34.0
