Overview
A critical OS command injection vulnerability (CVE-2026-36576) has been disclosed in the openlabs/docker-wkhtmltopdf-aas project — a popular Dockerized web service wrapping the wkhtmltopdf HTML-to-PDF conversion utility. The flaw resides in the app.py component and allows an unauthenticated attacker to execute arbitrary OS commands by sending a crafted HTTP POST request to the service.
The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical) and affects all commits up to and including 9f50579.
Technical Details
The vulnerability stems from insufficient sanitization of user-controlled input passed to a system command call inside app.py. When the service processes a POST request containing HTML or URL parameters, attacker-controlled content can break out of the expected command context and inject arbitrary shell commands.
Because the wkhtmltopdf service typically runs as a privileged process inside the container, successful exploitation grants the attacker command execution within the container environment. Depending on the deployment configuration — particularly if the Docker socket is mounted or host networking is used — this can escalate to full host compromise.
Attack vector details:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality / Integrity / Availability: High / High / High
Affected Versions
All versions of openlabs/docker-wkhtmltopdf-aas up to and including commit 9f50579 are affected. Deployments exposed directly to untrusted networks without authentication middleware are at highest risk.
Proof of Concept
While a full PoC is not published in this advisory, the attack pattern involves injecting shell metacharacters (e.g., $(...), ;, |) into POST parameters processed by app.py. Services without strict input validation or command argument quoting are vulnerable.
Mitigation and Remediation
- Update immediately to a version of the project that includes the fix for app.py command construction.
- Restrict network access — ensure the wkhtmltopdf-aas service is not exposed to untrusted networks. Place it behind an authenticated proxy or API gateway.
- Do not mount the Docker socket inside the container running this service.
- Implement network segmentation so the container cannot make outbound connections to attacker-controlled infrastructure.
- Audit POST request handling in any custom forks or derivatives of this project.
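The command-construction flaw described under Technical Details and the "command argument quoting" remediation above, illustrated as an added example (not code from the openlabs/docker-wkhtmltopdf-aas project): the unsafe shell-string pattern is shown next to an argv-based form that validates the URL and never hands user input to a shell, plus a small detection helper for flagging suspicious POST parameters. The binary name, the output path and the sample URL are assumptions.

```python
import re
import subprocess
import sys
from urllib.parse import urlparse

WKHTMLTOPDF = "wkhtmltopdf"  # assumed binary name inside the container
SHELL_METACHARS = re.compile(r"[;&|`$()<>\n]")


def vulnerable_command(url: str, out_path: str) -> str:
    """The unsafe pattern: user input spliced into one string that a shell parses
    (i.e. subprocess.run(cmd, shell=True)). Shown for contrast only; never run it."""
    return f"{WKHTMLTOPDF} {url} {out_path}"


def safe_argv(url: str, out_path: str) -> list[str]:
    """Validate the URL and build an argv list for subprocess.run(argv) (shell=False).
    Each element reaches wkhtmltopdf as one argument, so shell metacharacters are inert."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError("only absolute http(s) URLs are accepted")
    if url.startswith("-"):
        raise ValueError("URL must not look like a command-line option")
    # --disable-local-file-access additionally stops the page from reading file:// URLs.
    return [WKHTMLTOPDF, "--quiet", "--disable-local-file-access", url, out_path]


def argv_preserves_argument(value: str) -> str:
    """Show the argv path at work: pass `value` to a child process (the Python
    interpreter itself, so this runs anywhere) and return exactly what it received."""
    result = subprocess.run(
        [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", value],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


def looks_like_injection(value: str) -> bool:
    """Detection aid for request logging or a proxy rule on the POST parameters."""
    return SHELL_METACHARS.search(value) is not None


if __name__ == "__main__":
    # Constructed sample input: a URL carrying shell metacharacters.
    sample = "https://example.com/report?id=$(hostname); echo hi"
    print("flagged for review:", looks_like_injection(sample))
    print("child received unchanged:", argv_preserves_argument(sample) == sample)
    print("argv:", safe_argv(sample, "/tmp/out.pdf"))
```

With the argv form the metacharacters arrive at the child as literal text, whereas the string returned by `vulnerable_command` would be re-parsed by the shell.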