CVE-2026-36576
published 2026-06-03CVE-2026-36576: An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary…
PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.49%
70.9th percentile
An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
openlabs docker-wkhtmltopdf-aas POST Request app.py os command injection
vuldb·2026-06-03·CVSS 9.8
CVE-2026-36576 [CRITICAL] openlabs docker-wkhtmltopdf-aas POST Request app.py os command injection
A vulnerability labeled as critical has been found in openlabs docker-wkhtmltopdf-aas. This vulnerability affects unknown code of the file app.py of the component POST Request Handler. Executing a manipulation can lead to os command injection.
This vulnerability is registered as CVE-2026-36576. The attack requires access to the local network. No exploit is available.
GHSA
An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.
ghsa_unreviewed·2026-06-03
CVE-2026-36576 [CRITICAL] CWE-78 An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.
An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/openlabs/docker-wkhtmltopdf-aashttps://github.com/openlabs/docker-wkhtmltopdf-aas/blob/9f505797671c3339520dec5fc01dff3a6f324f2e/app.py#L40https://github.com/openlabs/docker-wkhtmltopdf-aas/issues/36https://hub.docker.com/r/openlabs/docker-wkhtmltopdf-aashttps://github.com/openlabs/docker-wkhtmltopdf-aas/issues/36
2026-06-03
Published