PT-2026-36917 · Gotenberg · Gotenberg

Morimori-Dev · Published 2026-04-30 · Updated 2026-05-14 · CVE-2026-40281

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Gotenberg versions 8.x through 8.30.1
Description: An improper input validation issue exists in the metadata write endpoint '/forms/pdfengines/metadata/write'. Metadata keys are validated, but metadata values are passed unsanitized to the WriteMetadata() function. Because ExifTool reads its arguments from stdin one per line, an attacker can inject a newline character (\n) into a metadata value to terminate the current argument and start a new one, which allows the injection of arbitrary ExifTool pseudo-tags such as -FileName, -Directory, -SymLink, and -HardLink.
This lets an unauthenticated attacker rename or move processed PDFs to arbitrary paths in the container filesystem, overwrite system files, or create symlinks and hard links at arbitrary paths.
Recommendations: Upgrade to version 8.31.0. As a temporary workaround, restrict access to the '/forms/pdfengines/metadata/write' endpoint (for example at the reverse proxy in front of Gotenberg) to reduce exposure until the upgrade is applied.
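The injection mechanics and the missing check, as an added Go example that is not Gotenberg's code: the function names are illustrative, the metadata map is constructed sample input, and the code assumes the value reaches ExifTool as one line of an argfile read over stdin (one argument per line), which is what the advisory's "split the ExifTool stdin line" describes. It shows how a \n inside a value becomes a separate -FileName argument when keys alone are checked, and how rejecting control characters in values before the argfile is built closes that path.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Constructed sample input (not from the advisory): a metadata map a client
// could POST. The Title value hides a newline followed by an ExifTool
// pseudo-tag that renames the processed file.
var injectedMetadata = map[string]string{
	"Title": "Report\n-FileName=/tmp/pwned.pdf",
}

// keyRe stands in for the key validation the advisory says already existed.
var keyRe = regexp.MustCompile(`^[A-Za-z0-9]+$`)

// hasControlChar reports whether v contains an ASCII control character
// (CR and LF included), which would end an argfile line early.
func hasControlChar(v string) bool {
	for _, r := range v {
		if r < 0x20 || r == 0x7f {
			return true
		}
	}
	return false
}

// buildArgs lays metadata out as ExifTool argfile text ("-Key=Value" per
// line, target path last) and splits it the way ExifTool's -@ mode does:
// one line, one argument. With checkValues=false it mirrors the pre-8.31.0
// behaviour (keys checked, values not); with true it adds the missing check.
func buildArgs(meta map[string]string, pdf string, checkValues bool) ([]string, error) {
	keys := make([]string, 0, len(meta))
	for k, v := range meta {
		if !keyRe.MatchString(k) {
			return nil, fmt.Errorf("invalid metadata key %q", k)
		}
		if checkValues && hasControlChar(v) {
			return nil, fmt.Errorf("metadata value for %q contains a control character", k)
		}
		keys = append(keys, k)
	}
	sort.Strings(keys) // deterministic output regardless of map order
	var b strings.Builder
	for _, k := range keys {
		fmt.Fprintf(&b, "-%s=%s\n", k, meta[k])
	}
	b.WriteString(pdf + "\n")
	// A newline inside a value splits that value into two arguments here.
	return strings.Split(strings.TrimSuffix(b.String(), "\n"), "\n"), nil
}

// Unsafe and safe wrappers so the two behaviours can be compared side by side.
func buildArgsUnsafe(meta map[string]string, pdf string) ([]string, error) {
	return buildArgs(meta, pdf, false)
}

func buildArgsSafe(meta map[string]string, pdf string) ([]string, error) {
	return buildArgs(meta, pdf, true)
}

// pseudoTags are the file-system pseudo-tags named in the advisory.
var pseudoTags = []string{"FileName", "Directory", "SymLink", "HardLink"}

// injectedPseudoTags returns which of those appear as a standalone argument,
// a cheap pre-exec check on the argument list handed to exiftool.
func injectedPseudoTags(args []string) []string {
	var found []string
	for _, a := range args {
		for _, t := range pseudoTags {
			if a == "-"+t || strings.HasPrefix(a, "-"+t+"=") {
				found = append(found, t)
			}
		}
	}
	return found
}

func main() {
	args, _ := buildArgsUnsafe(injectedMetadata, "/tmp/in.pdf")
	fmt.Printf("unsafe argv: %q\n", args)
	fmt.Printf("injected pseudo-tags: %v\n", injectedPseudoTags(args))
	if _, err := buildArgsSafe(injectedMetadata, "/tmp/in.pdf"); err != nil {
		fmt.Println("safe:", err)
	}
}
```

With the unsafe builder the single Title value yields three arguments, the second being "-FileName=/tmp/pwned.pdf", which ExifTool would act on as a rename. The safe builder refuses the same input before any argfile exists; rejecting the whole control range rather than only \n also covers \r, which some argfile readers treat as a line end.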

Tags: Exploit · Fix · Argument Injection


Related Identifiers

CVE-2026-40281
GHSA-Q7R4-HC83-HF2Q

Affected Products

Gotenberg