CVE-2026-55229
published 2026-06-21
critical
A vulnerability was found in Gotenberg 8.1.0/8.30.0/8.31.0/8.32.0. It has been declared as critical. The impacted element is an unknown function of the component LibreOffice Document Handler. The manipulation results in server-side request forgery.
This vulnerability was named CVE-2026-55229. The attack may be performed remotely. There is no available exploit.
It is recommended to upgrade the affected component.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | gotenberg_gotenberg_v8 | >= 0 < 8.34.0 | 8.34.0 |
VulDB
Gotenberg 8.1.0/8.30.0/8.31.0/8.32.0 LibreOffice Document server-side request forgery
vuldb·2026-06-21
CVE-2026-55229 [CRITICAL] Gotenberg 8.1.0/8.30.0/8.31.0/8.32.0 LibreOffice Document server-side request forgery
GHSA
Gotenberg: SSRF via LibreOffice document processing
ghsa·2026-06-18
CVE-2026-55229 [HIGH] CWE-918 Gotenberg: SSRF via LibreOffice document processing
**Summary**
Server-Side Request Forgery (SSRF) vulnerability affecting the `/forms/libreoffice/convert` endpoint in Gotenberg v8.33.0 running with the default configuration.
By uploading a specially crafted DOCX document, an attacker can cause LibreOffice to automatically retrieve external resources during document conversion. As a result, outbound requests are made from the server hosting Gotenberg to attacker-controlled destinations.
Additionally, the same document mechanism appears capable of referencing image resources from the local filesystem. During conversion, LibreOffice attempts to load those resources and embed them into the resulting document.
**PoC**
**External Resource Retrieval**
Create a DOCX document containing the