CVE-2026-40893 HIGH

CVE-2026-40893: Gotenberg: ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names Allows Arbitrary File Rename and Move

Vendor Gotenberg
Product gotenberg
Weakness CWE-73
Published May 14, 2026
Last update May 14, 2026

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

What the vulnerability does

01 Description

Gotenberg is a Docker-powered stateless API for PDF files. Before 8.31.0, the blocklist that is meant to stop callers from passing dangerous ExifTool tags only tested whether the submitted tag name was exactly FileName. ExifTool also accepts tag names qualified with a group prefix, so a caller who writes the same tag as System:FileName passes the check and ExifTool renames the file on disk. A remote, unauthenticated attacker can use this to move, rename, and change the permissions of arbitrary files. This vulnerability is fixed in 8.31.0.
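The check the description refers to, shown as an added example written for this page (it is not Gotenberg's code, before or after the fix). The vulnerable function reproduces the exact-match behaviour the advisory describes; the hardened one normalizes the tag specification first, so the group prefix no longer matters. The advisory names only FileName; Directory and FilePermissions are the ExifTool System-group tags behind "move" and "change permissions" and are added here as an assumption about what a complete blocklist needs to cover. The input strings are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"strings"
)

// ExifTool tags that act on the file system instead of the metadata payload.
// The advisory names FileName; Directory and FilePermissions are the ExifTool
// System-group tags behind "move" and "change permissions" (added here, not
// taken from the advisory).
var dangerousTags = map[string]bool{
	"filename":        true,
	"directory":       true,
	"filepermissions": true,
}

// vulnerableIsDangerous mirrors the pre-8.31.0 behaviour described in the
// advisory: an exact comparison against the bare tag name, so a group prefix
// ("System:FileName") or a case change ("filename") slips through.
func vulnerableIsDangerous(tag string) bool {
	return tag == "FileName"
}

// normalizeTag reduces an ExifTool tag specification to its bare lower-case
// tag name. It strips a leading "-", everything from the first "=", "<" or ">"
// (assignment and copy operators), the trailing "+"/"-" left by "+=" and "-=",
// any "Group:" or "Group0:Group1:" prefix and the "#" no-print-conversion suffix.
func normalizeTag(tag string) string {
	t := strings.TrimSpace(tag)
	t = strings.TrimPrefix(t, "-")
	if i := strings.IndexAny(t, "=<>"); i >= 0 {
		t = t[:i]
	}
	t = strings.TrimSuffix(t, "+")
	t = strings.TrimSuffix(t, "-")
	if i := strings.LastIndex(t, ":"); i >= 0 {
		t = t[i+1:]
	}
	t = strings.TrimSuffix(t, "#")
	return strings.ToLower(t)
}

// hardenedIsDangerous compares the normalized tag against the blocklist and
// refuses specifications a blocklist cannot reason about: an empty name,
// "all" (-all= rewrites every tag) and wildcard patterns.
func hardenedIsDangerous(tag string) bool {
	n := normalizeTag(tag)
	if n == "" || n == "all" || strings.ContainsAny(n, "*?") {
		return true
	}
	return dangerousTags[n]
}

func main() {
	// Constructed inputs: the bypass from the advisory plus a few variants.
	for _, tag := range []string{
		"FileName",
		"System:FileName",
		"-system:filename=pwned.pdf",
		"File:System:Directory",
		"FilePermissions#",
		"XMP-dc:Title",
	} {
		fmt.Printf("%-28s vulnerable=%-5v hardened=%v\n",
			tag, vulnerableIsDangerous(tag), hardenedIsDangerous(tag))
	}
}
```

Even the hardened form is still a deny-list: it only knows the tags listed in it, and ExifTool's command syntax keeps growing. For an API that exposes ExifTool to untrusted callers, the more robust design is an allow-list of the metadata tags the service actually intends to write (for a PDF service, a handful of XMP and PDF document-info fields) and rejection of everything else, group prefix or not.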

Key dates

02 Disclosure timeline

May 14, 2026 CVE published
May 14, 2026 Record updated