CVE-2026-40281 - Gotenberg ExifTool argument injection

Gotenberg <=8.30.1 contains a critical argument-injection issue in PDF metadata writing. The earlier fix sanitized only metadata keys; it did not sanitize metadata values before they are passed to ExifTool through stdin. A newline in a metadata value can split the ExifTool input into extra pseudo-tag arguments.

Where a metadata-write endpoint is exposed, an unauthenticated attacker may be able to move or corrupt files inside the container and create link primitives that break assumptions about temporary-file cleanup and filesystem isolation.
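An added example in Go (not Gotenberg's own code) of why key-only sanitization is insufficient: ExifTool's argument-file input (`-@`) takes one argument per line, so a value containing a newline becomes an extra argument line. `naiveArgs` mirrors key-only checking, `hardenedArgs` also rejects control characters in values; the function names and the strict `isSafeTagName` rule are assumptions, and the sample metadata is constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"unicode"
)

// naiveArgs mirrors key-only sanitization: keys are checked, values are not.
// It returns the argument lines that a line-oriented reader such as ExifTool's
// argument-file mode would see on stdin.
func naiveArgs(metadata map[string]string) ([]string, error) {
	keys := make([]string, 0, len(metadata))
	for k := range metadata {
		if !isSafeTagName(k) {
			return nil, fmt.Errorf("invalid metadata key %q", k)
		}
		keys = append(keys, k)
	}
	if len(keys) == 0 {
		return nil, nil
	}
	sort.Strings(keys) // deterministic output
	var lines []string
	for _, k := range keys {
		lines = append(lines, "-"+k+"="+metadata[k])
	}
	// Serialize and re-split exactly as a line-oriented reader would see it:
	// a newline inside a value yields more lines than there are tags.
	return strings.Split(strings.Join(lines, "\n"), "\n"), nil
}

// hardenedArgs also validates values: any control character (\n, \r, tab, ...)
// is rejected before serialization, so no value can form a new argument line.
func hardenedArgs(metadata map[string]string) ([]string, error) {
	for k, v := range metadata {
		if strings.IndexFunc(v, unicode.IsControl) >= 0 {
			return nil, fmt.Errorf("metadata value for %q contains a control character", k)
		}
	}
	return naiveArgs(metadata) // keys are still checked there
}

// isSafeTagName is an assumed, deliberately strict rule (letters and digits
// only); Gotenberg's own key check may differ.
func isSafeTagName(k string) bool {
	bad := func(r rune) bool { return !unicode.IsLetter(r) && !unicode.IsDigit(r) }
	return k != "" && strings.IndexFunc(k, bad) < 0
}
```

For the constructed value `"Alice\n-Title=injected"` under key `Author`, `naiveArgs` returns two argument lines for one tag, while `hardenedArgs` returns an error.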

Affected versions

  • Vulnerable: Gotenberg <=8.30.1
  • Fixed: Gotenberg 8.31.0+

Indicators of exposure

  • Gotenberg v8 is deployed at or below 8.30.1.
  • /forms/pdfengines/metadata/write or equivalent PDF metadata-writing functionality is reachable by untrusted users or tenants.
  • The container runs with broad filesystem write access, root privileges, host mounts, or persistent shared volumes.

Quick checks:

rg -n "gotenberg|pdfengines|metadata/write|exiftool" .
docker image inspect gotenberg/gotenberg:8 --format '{{ index .RepoDigests 0 }}'
go list -m all | rg 'gotenberg/gotenberg'
kubectl get deploy,statefulset -A -o yaml | rg -n "gotenberg|readOnlyRootFilesystem|runAsNonRoot|volumeMounts"

Remediation strategy

  • Upgrade Gotenberg to 8.31.0+ and pin image digests.
  • Restrict access to PDF metadata-writing routes while rollout is underway.
  • Run the Gotenberg container as non-root with a read-only root filesystem where possible, and avoid host or sensitive persistent mounts.
  • Review logs and filesystem artifacts if a vulnerable public endpoint was exposed.

The prompt

Model context: this prompt was generated by GPT 5.5 Extra High reasoning.

You are remediating CVE-2026-40281 (Gotenberg ExifTool argument injection).
Produce exactly one output:

- A reviewer-ready PR/change request that upgrades Gotenberg and adds
  filesystem/exposure hardening, or
- TRIAGE.md if this repository cannot safely patch the affected runtime.

## Rules

- Scope only CVE-2026-40281.
- Prefer upgrading Gotenberg to `8.31.0+`; do not rely on local input filtering
  as the primary fix when the vendor patch can be consumed.
- Treat PDF metadata keys and values as untrusted input.
- Do not auto-merge.

## Steps

1. Inventory all Gotenberg references in dependency manifests, image tags,
   Dockerfiles, compose files, Helm values, Kubernetes manifests, SBOMs, and
   deployment docs.
2. Determine whether any reference resolves to `<=8.30.1`.
3. Upgrade affected references to `8.31.0+`; regenerate lockfiles, image tags,
   or deployment manifests as needed.
4. Add containment where this repo owns runtime config:
   - require auth or trusted ingress for metadata-write endpoints;
   - run as non-root;
   - enable read-only root filesystem where compatible;
   - remove host mounts or sensitive persistent volumes from Gotenberg.
5. Add a reviewer note that v8.30.1 is still vulnerable because it only
   sanitized metadata keys, not newline-bearing values.
6. Run available tests, dependency scans, image scans, and deployment rendering.
7. Use PR title:
   `fix(sec): remediate CVE-2026-40281 in Gotenberg`.

## Stop conditions

- Gotenberg is not present or is managed outside this repository.
- A fixed `8.31.0+` artifact is unavailable for the target deployment.
- Hardening changes would break documented production conversion behavior; file
  TRIAGE.md with the smallest safe upgrade and operator decision needed.

Verification - what the reviewer looks for

  • No vulnerable Gotenberg version remains in manifests, lockfiles, images, or SBOMs controlled by the repo.
  • Metadata-writing endpoints are not publicly reachable without auth or trusted ingress.
  • Container hardening is present where supported: non-root user, read-only root filesystem, and no sensitive host mounts.
  • PR notes explicitly reject v8.30.1 as incomplete for this CVE.

Watch for

  • False confidence from key-only sanitization; this CVE is about metadata values containing control characters.
  • Gotenberg sidecars or worker deployments that are versioned separately from the main API service.
  • HostPath mounts or shared volumes that turn a container-local file move into a broader production incident.
