CVE-2026-35458

CVSS v4.0

8.7

High

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1333

Related Identifiers

CVE-2026-35458

Affected Products

Gotenberg

CVE-2026-35458

Weakness Enumeration

Related Identifiers

Affected Products

References · 2