Executive Summary
CVE-2026-40281 is a critical (CVSS 10.0) command injection vulnerability in Gotenberg — a Docker-powered stateless API widely used to generate, convert, and manipulate PDF files in CI/CD pipelines, document automation workflows, and microservice architectures. The flaw resides in the metadata write endpoint, which sanitizes metadata keys for control characters but leaves metadata values entirely unsanitized.
An attacker can embed a newline character (\n) inside a metadata value, which splits the ExifTool stdin argument stream into two separate commands, allowing arbitrary ExifTool arguments — and through ExifTool's feature set, arbitrary OS command execution — to be injected.
Given Gotenberg's prevalence in containerized document processing workflows and its typical deployment with access to file systems and downstream services, successful exploitation can result in full container compromise and potential host escape depending on container security configuration.
Vulnerability Overview
| Attribute | Value |
|---|---|
| CVE ID | CVE-2026-40281 |
| CVSS Score | 10.0 (Critical) |
| Affected Product | Gotenberg |
| Affected Versions | 8.30.1 and earlier |
| Vulnerability Type | Improper Input Neutralization / Command Injection |
| Attack Vector | Network |
| Authentication Required | Depends on deployment (often none — public API) |
| User Interaction | None |
| Impact | Remote Code Execution via ExifTool argument injection |
| Fixed In | 8.31.0+ |
Affected Products
| Product | Affected Versions | Remediation |
|---|---|---|
| Gotenberg Docker API | ≤ 8.30.1 | Upgrade to 8.31.0 or later |
Technical Analysis
Background: Gotenberg and ExifTool
Gotenberg is a stateless, containerized REST API that wraps tools like Chromium, LibreOffice, and ExifTool to provide document conversion and processing services. Its metadata write endpoint allows API callers to embed metadata (author, title, subject, keywords, etc.) into generated or converted PDF files.
ExifTool — the underlying metadata manipulation tool — accepts its operation parameters via stdin when Gotenberg passes them programmatically. Each metadata key-value pair is transmitted as a separate line in stdin, with ExifTool parsing each line as a distinct argument.
Root Cause: Unsanitized Metadata Values
The Gotenberg metadata write endpoint validates keys for control characters (such as newlines), preventing key-level injection. However, the corresponding value sanitization is absent — values are passed to ExifTool's stdin without stripping or escaping control characters.
Vulnerable input:

```text
metadata_key   = "Author"
metadata_value = "Attacker\n-execute=<payload>"
```

ExifTool stdin (split by newline):

```text
Line 1: -Author=Attacker
Line 2: -execute=<payload>   ← injected ExifTool argument
```
The -execute option in ExifTool allows arbitrary Perl code execution, effectively enabling OS command execution in the container environment.
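The key-only check described above, modelled as an added Go example (this is not Gotenberg's code): `vulnerableArgs` validates only keys, `hardenedArgs` validates keys and values, and `stdinLines` shows how one value containing a newline turns into two lines on ExifTool's stdin. The one-argument-per-line stdin model and all function names are assumptions drawn from the advisory's description; the sample metadata is constructed, and the smuggled second line is a harmless `-Title` argument rather than the `-execute` payload.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// hasControlChars reports whether s contains an ASCII control character
// (0x00-0x1F or DEL). CR and LF are the ones that split a line-oriented
// stdin stream; rejecting the whole class is the conservative choice.
func hasControlChars(s string) bool {
	for _, r := range s {
		if r < 0x20 || r == 0x7f {
			return true
		}
	}
	return false
}

// sortedKeys gives a deterministic argument order for the examples below.
func sortedKeys(m map[string]string) []string {
	keys := make([]string, 0, len(m))
	for k := range m {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	return keys
}

// vulnerableArgs models the pre-8.31.0 behaviour the advisory describes
// (assumed model, not Gotenberg's actual code): keys are checked for
// control characters, values are passed through untouched.
func vulnerableArgs(meta map[string]string) ([]string, error) {
	keys := sortedKeys(meta)
	args := make([]string, 0, len(keys))
	for _, k := range keys {
		if hasControlChars(k) {
			return nil, fmt.Errorf("metadata key %q contains control characters", k)
		}
		args = append(args, "-"+k+"="+meta[k])
	}
	return args, nil
}

// hardenedArgs applies the same check to every value, so a single value
// can never contribute more than one line to the argument stream.
func hardenedArgs(meta map[string]string) ([]string, error) {
	keys := sortedKeys(meta)
	args := make([]string, 0, len(keys))
	for _, k := range keys {
		if hasControlChars(k) {
			return nil, fmt.Errorf("metadata key %q contains control characters", k)
		}
		if hasControlChars(meta[k]) {
			return nil, fmt.Errorf("metadata value for key %q contains control characters", k)
		}
		args = append(args, "-"+k+"="+meta[k])
	}
	return args, nil
}

// stdinLines models how a line-oriented consumer such as ExifTool would
// see the arguments once they are written to stdin one per line: any
// embedded newline inside an argument becomes an extra line.
func stdinLines(args []string) []string {
	return strings.Split(strings.Join(args, "\n"), "\n")
}

func main() {
	// Constructed sample: one legitimate key whose value smuggles a second line.
	meta := map[string]string{"Author": "Alice\n-Title=injected"}

	args, _ := vulnerableArgs(meta)
	fmt.Printf("vulnerable: %d argument(s) built, %d line(s) reach ExifTool\n",
		len(args), len(stdinLines(args)))
	for i, line := range stdinLines(args) {
		fmt.Printf("  line %d: %s\n", i+1, line)
	}

	if _, err := hardenedArgs(meta); err != nil {
		fmt.Println("hardened:", err)
	}
}
```

Run it with `go run`: the vulnerable path builds one argument that ExifTool would read as two lines, while the hardened path rejects the request before anything is written to stdin, which is the point at which an API should return a client error rather than proceed.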
Exploit Path
1. Attacker sends POST request to Gotenberg metadata write endpoint
2. Metadata value contains embedded \n followed by -execute=<perl_payload>
3. Gotenberg passes unsanitized value to ExifTool via stdin
4. ExifTool receives two stdin lines: the legitimate metadata argument and the injected -execute argument
5. ExifTool executes the injected Perl payload
6. Arbitrary code runs in the Gotenberg container context
Exploitation Complexity
Because many Gotenberg deployments are internal microservices without authentication, exploitation may require no credentials at all — only network access to the Gotenberg API port (default: 3000). This drives the CVSS score to 10.0.
In environments where Gotenberg is exposed via an internet-facing API gateway or ingress controller without authentication, the attack surface is public.
Impact Assessment
| Impact Area | Description |
|---|---|
| RCE in Container | Arbitrary Perl/OS code execution in Gotenberg container |
| File System Access | Access to all files mounted or accessible within the container |
| Network Lateral Movement | Container network allows access to backend services |
| Container Escape Risk | Depends on container security posture (privileged mode, host mounts) |
| CI/CD Pipeline Compromise | Gotenberg commonly integrated in document automation pipelines |
| Credential Exposure | Environment variables, mounted secrets, service account tokens accessible |
Immediate Remediation
Step 1: Upgrade Gotenberg
```bash
# Pull the patched image
docker pull gotenberg/gotenberg:8.31.0
```

```yaml
# Update docker-compose.yml
services:
  gotenberg:
    image: gotenberg/gotenberg:8.31.0 # was 8.30.1 or earlier
    ...
```

```bash
# Redeploy
docker compose up -d gotenberg
```

Step 2: Verify Current Version
```bash
# Check which image the running Gotenberg container was started from
docker inspect --format '{{.Config.Image}}' <gotenberg-container>
# Or confirm the service is up via the health endpoint
curl http://localhost:3000/health
```

Step 3: Restrict API Access While Patching
If immediate upgrade is not possible, restrict Gotenberg API access to trusted internal callers only:
```nginx
# Nginx example: restrict Gotenberg to internal subnets
location /forms/pdfengines/metadata {
    allow 10.0.0.0/8;
    allow 172.16.0.0/12;
    deny all;
}
```

Step 4: Review Container Security Posture
```bash
# Ensure Gotenberg is NOT running in privileged mode
docker inspect <gotenberg-container> | grep -i privileged
# Verify no unnecessary host mounts
docker inspect <gotenberg-container> | grep -A 5 '"Mounts"'
# Check container user — should not be root
docker exec <gotenberg-container> whoami
```

Step 5: Audit API Logs for Exploitation Indicators
```bash
# Look for metadata values containing newline-encoded sequences
grep -E "(%0a|%0A|\\\\n)" /var/log/nginx/gotenberg-access.log
# Check Gotenberg container logs for anomalous ExifTool invocations
docker logs gotenberg 2>&1 | grep -i "exiftool"
```

Detection Indicators
| Indicator | Description |
|---|---|
| Metadata value requests containing %0a, %0A, or literal newlines | Exploitation attempt |
| Unexpected outbound network connections from Gotenberg container | Post-exploitation C2 |
| Unusual file creation or modification within container filesystem | Post-exploitation activity |
| Gotenberg container processes spawning unexpected child processes | Code execution indicator |
| API requests to metadata endpoint from unusual source IPs | Scanning or exploitation |
| Container environment variable enumeration commands in logs | Credential harvesting |
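The log check from Step 5 and the first indicator in the table above, written out as an added Go scanner (not part of the advisory or of Gotenberg). It percent-decodes each logged metadata value, unescapes the `\n`/`\r` forms some loggers emit, and flags any value that then contains CR or LF. One caveat the grep in Step 5 does not state: nginx access logs do not record request bodies by default, and the metadata travels in the multipart body, so this only works where the gateway has been configured to log that field. The log format (`meta=<key>=<value>`), the `/write` suffix on the page's endpoint prefix, and all sample lines are constructed assumptions for this example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Finding records one log line whose metadata value carried CR or LF.
type Finding struct {
	Line   int    // 1-based index into the scanned log
	Key    string // metadata key the value was sent for
	Reason string
}

// sampleLog is constructed for this example. The format (a gateway that
// logs the metadata form field as meta=<key>=<value>) and the /write
// suffix on the page's endpoint prefix are assumptions.
var sampleLog = []string{
	`2026-01-01T10:00:00Z POST /forms/pdfengines/metadata/write meta=Author=Alice`,
	`2026-01-01T10:00:05Z POST /forms/pdfengines/metadata/write meta=Author=Alice%0a-Title=injected`,
	`2026-01-01T10:00:07Z GET /health`,
	`2026-01-01T10:00:09Z POST /forms/pdfengines/metadata/write meta=Subject=Quarterly\n-Title=injected`,
	`2026-01-01T10:00:12Z POST /forms/pdfengines/metadata/write meta=Title=Report%20Q1`,
}

// decodeValue reverses the encodings a value may be logged in: percent
// encoding (%0a, %0A, %0d) and the two-character escapes \n and \r that
// some loggers emit for control characters. A value that fails
// percent-decoding is kept as-is rather than dropped.
func decodeValue(v string) string {
	decoded, err := url.QueryUnescape(v)
	if err != nil {
		decoded = v
	}
	decoded = strings.ReplaceAll(decoded, `\n`, "\n")
	decoded = strings.ReplaceAll(decoded, `\r`, "\r")
	return decoded
}

// isSuspicious reports whether a decoded value contains CR or LF, the
// characters that split a line-oriented stdin argument stream.
func isSuspicious(v string) bool {
	return strings.ContainsAny(v, "\r\n")
}

// scanLogLines flags every metadata-endpoint request whose value contains
// CR/LF after decoding. Matching on the endpoint prefix keeps the scan
// focused on the metadata route the advisory describes.
func scanLogLines(lines []string) []Finding {
	var findings []Finding
	for i, line := range lines {
		if !strings.Contains(line, "/forms/pdfengines/metadata") {
			continue
		}
		idx := strings.Index(line, "meta=")
		if idx < 0 {
			continue
		}
		key, value, ok := strings.Cut(line[idx+len("meta="):], "=")
		if !ok {
			continue
		}
		if isSuspicious(decodeValue(value)) {
			findings = append(findings, Finding{
				Line:   i + 1,
				Key:    key,
				Reason: "metadata value contains CR/LF after decoding",
			})
		}
	}
	return findings
}

// findings runs the scan over the constructed sample log.
func findings() []Finding {
	return scanLogLines(sampleLog)
}

func main() {
	for _, f := range findings() {
		fmt.Printf("line %d: key %q: %s\n", f.Line, f.Key, f.Reason)
	}
}
```

Against the constructed sample the scanner reports lines 2 and 4 and ignores the percent-encoded space on line 5, which is the false positive a bare `%` grep would not distinguish. Feeding it real lines means adapting only `sampleLog` and the `meta=` field name to whatever the gateway actually logs.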
Post-Remediation Checklist
- Upgrade Gotenberg to version 8.31.0 or later
- Audit API access controls — ensure Gotenberg is not internet-accessible without authentication
- Implement API authentication — add an API gateway with authentication in front of Gotenberg
- Review container security — disable privileged mode, minimize host mounts, run as non-root
- Scan historical API logs for exploitation artifacts (newline-encoded metadata values)
- Check downstream systems — if exploitation occurred, treat all services accessible from the Gotenberg container as potentially compromised
- Rotate secrets — refresh all environment variables and mounted secrets accessible to the container
- Consider network policies — Kubernetes NetworkPolicy or equivalent to restrict egress from Gotenberg pods