CVE-2026-40893
published 2026-05-14
Priority: P352 · Severity: high · CVSS 3.1 base score: 8.2
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
EPSS: 0.35% (26.6th percentile)
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files. This vulnerability is fixed in 8.31.0.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | gotenberg_gotenberg_v8 | 0 – 8.30.1 | — |
| gotenberg | gotenberg | < 8.31.0 | 8.31.0 |
| thecodingmachine | gotenberg | < 8.31.0 | 8.31.0 |
VulDB
Gotenberg up to 8.30.x PDF File System:FileName file inclusion (GHSA-62p3-hvxx-fxg4)
vuldb·2026-05-14·CVSS 8.2
CVE-2026-40893 [HIGH] Gotenberg up to 8.30.x PDF File System:FileName file inclusion (GHSA-62p3-hvxx-fxg4)
A vulnerability identified as problematic has been detected in Gotenberg up to 8.30.x. This impacts an unknown function of the component PDF File Handler. The manipulation of the argument System:FileName leads to file inclusion.
This vulnerability is documented as CVE-2026-40893. The attack can be initiated remotely. There is not any exploit available.
You should upgrade the affected component.
GHSA
Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move
ghsa·2026-05-04
CVE-2026-40893 [HIGH] CWE-20 Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move
### Summary
Gotenberg blocks certain ExifTool tag names like `FileName` and `Directory` to stop attackers from renaming or moving files on the server. But ExifTool allows a longer form of the same tag — `System:FileName` — which does the exact same thing. Gotenberg only checks if the tag is exactly `FileName`, so `System:FileName` slips right through and ExifTool happily renames the file. No login is needed. One HTTP request is enough.
This bypasses the fix from [GHSA-qmwh-9m9c-h36m](https://github.com/gotenberg/gotenberg/security/advisories/GHSA-qmwh-9m9c-h36m).
### Details
Think of it like a nightclub bouncer with a blocklist of banned names. The blocklist
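As an added example (not code from Gotenberg or from the advisories quoted above), the following Go snippet contrasts an exact-match blocklist check of the kind the advisory describes with one that strips ExifTool's group prefixes before comparing. The function names, the two-entry blocklist and the allowed-character pattern for a bare tag name are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Tag names that make ExifTool act on the file system instead of on the
// PDF's metadata. FileName and Directory are the two named in the advisory;
// Gotenberg's full list is not shown on this page.
var blockedTags = map[string]bool{"filename": true, "directory": true}

// bareTagName is the shape a plain ExifTool tag name is assumed to have here
// (letters, digits, underscore). Anything else is treated as unexpected
// syntax and rejected rather than passed through to ExifTool.
var bareTagName = regexp.MustCompile(`^[a-z0-9_]+$`)

// isBlockedTagExact mirrors the flawed check the advisory describes: the
// submitted tag is compared literally, so "System:FileName" is not caught.
func isBlockedTagExact(tag string) bool {
	return tag == "FileName" || tag == "Directory"
}

// normalizeTag reduces an ExifTool tag specifier to its bare, lower-cased
// tag name: it drops a leading "-", every "Group:" prefix (ExifTool accepts
// several, e.g. "EXIF:IFD0:Artist") and a trailing "#" (ExifTool's
// "numeric value" suffix). ExifTool ignores case in tag and group names.
func normalizeTag(tag string) string {
	t := strings.TrimPrefix(strings.TrimSpace(tag), "-")
	if i := strings.LastIndex(t, ":"); i >= 0 {
		t = t[i+1:]
	}
	return strings.ToLower(strings.TrimSuffix(t, "#"))
}

// isBlockedTagHardened normalises before comparing, so every spelling of a
// blocked tag is caught, and refuses tag names it cannot fully parse.
func isBlockedTagHardened(tag string) bool {
	name := normalizeTag(tag)
	if !bareTagName.MatchString(name) {
		return true
	}
	return blockedTags[name]
}

func main() {
	// Constructed sample tag specifiers, as a client might submit them.
	for _, tag := range []string{"Title", "FileName", "System:FileName", "-system:DIRECTORY#", "XMP-dc:Title"} {
		fmt.Printf("%-20s exact=%-5t hardened=%t\n", tag, isBlockedTagExact(tag), isBlockedTagHardened(tag))
	}
}
```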
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-05-14