Executive Summary
A server-side request forgery (SSRF) vulnerability in Gotenberg — a widely used Docker-powered stateless API for PDF conversion — allows unauthenticated attackers to coerce the server into fetching arbitrary internal network resources by uploading a crafted document. Tracked as CVE-2026-55229 with a CVSS score of 7.5 (High), the flaw targets the /forms/libreoffice/convert endpoint and completely bypasses Gotenberg's own SSRF mitigations because the vulnerable code path runs inside the LibreOffice subprocess, outside the Go application layer.
CVSS Score: 7.5 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Overview
How Gotenberg Processes Documents
Gotenberg provides a REST API that converts office documents (DOCX, ODT, XLSX, etc.) to PDF by passing them through LibreOffice. The /forms/libreoffice/convert endpoint accepts multipart form uploads and hands the documents directly to the LibreOffice process for rendering.
The SSRF Bypass
LibreOffice, by design, automatically fetches embedded external resources during document rendering — including remote images, linked stylesheets, and external data sources specified within the document. These outbound HTTP requests originate from the LibreOffice subprocess, which:
- Operates at the OS level, completely outside Gotenberg's Go application layer
- Is not subject to Gotenberg's own SSRF filtering (introduced in v8.31.0 for Chromium-based fetches, webhook delivery, and download-from parameters)
- Can reach any host accessible from the container's network namespace
Attack Vectors
Blind SSRF — Internal Service Enumeration:
An attacker crafts a DOCX file with embedded external image references pointing to internal services:
<!-- Embedded in document's relationships XML -->
<Relationship Id="rId1" Type=".../image"
Target="http://169.254.169.254/latest/meta-data/iam/security-credentials/"
TargetMode="External"/>When Gotenberg converts this document, LibreOffice fetches the URL. The attacker receives confirmation of which internal hosts are reachable and may obtain response data embedded in the conversion output.
Cloud Metadata Endpoint Probing:
In AWS, GCP, and Azure environments, the container's network access to the Instance Metadata Service (IMDS) endpoints at 169.254.169.254 or fd00:ec2::254 can expose IAM credentials, instance identity documents, and other sensitive cloud configuration data.
Local File Disclosure:
Embedded file URIs (file:///etc/passwd, file:///proc/self/environ) can cause LibreOffice to read and embed local filesystem contents into conversion output — potentially exposing environment variables, configuration files, or other sensitive data readable by the LibreOffice process.
Why Gotenberg's SSRF Mitigations Don't Help
Gotenberg v8.31.0 introduced SSRF filtering for its own Go-layer HTTP requests. However, these controls only intercept:
- Chromium asset fetches (for HTML-to-PDF conversions)
downloadFromparameter URLs- Webhook delivery requests
The LibreOffice subprocess is spawned as a separate OS process and makes its own HTTP requests through the system's network stack — completely bypassing Gotenberg's filtering middleware.
Affected Versions
| Product | Affected Versions | Fixed Version |
|---|---|---|
| Gotenberg | All versions < 8.34.0 | 8.34.0 |
This is part of a pattern: the related CVE-2026-42591 exposed the same LibreOffice bypass in v8.31.0, indicating a systemic architectural issue that has now been addressed in 8.34.0.
Patch and Mitigation
Immediate Action
Upgrade Gotenberg to 8.34.0, which restricts LibreOffice's ability to fetch external resources during document conversion.
# Update your Docker Compose or container configuration
docker pull gotenberg/gotenberg:8.34.0
# Or in docker-compose.yml
# image: gotenberg/gotenberg:8.34.0
docker compose up -d gotenbergVerify the running version:
curl http://localhost:3000/healthInterim Mitigations (Pre-Upgrade)
If an immediate upgrade is not possible, implement the following controls:
Network Egress Restriction:
# docker-compose.yml — restrict Gotenberg network access
services:
gotenberg:
image: gotenberg/gotenberg:8.33.0
networks:
- internal_only
# Do NOT connect to external networks
networks:
internal_only:
internal: true # Blocks external internet accessBlock Cloud Metadata Endpoints:
# iptables rule — block access to AWS/GCP/Azure IMDS from Gotenberg container
iptables -I DOCKER-USER -s <gotenberg_container_ip> -d 169.254.169.254 -j DROPRestrict Endpoint Access:
Do not expose /forms/libreoffice/convert to untrusted users or the public internet without authentication controls.
Detection
Watch for the following indicators of SSRF exploitation:
- Unexpected outbound HTTP requests from the Gotenberg container to internal network ranges (
10.0.0.0/8,172.16.0.0/12,192.168.0.0/16) or cloud metadata endpoints (169.254.169.254) - Unusual content embedded in converted PDFs (text from internal service responses, configuration file contents)
- High volumes of conversion requests with DOCX/ODT files from untrusted sources
- Outbound requests from Gotenberg to
169.254.169.254,fd00:ec2::254, or internal service hostnames
SSRF Impact in Containerized Environments
Gotenberg is designed to run as a Docker container and is frequently deployed in microservice architectures with access to internal networks. In these environments, SSRF vulnerabilities can enable:
| Target | Impact |
|---|---|
| AWS/GCP/Azure IMDS | IAM credential theft, instance identity documents |
| Internal APIs | Unauthorized access to private services |
| Database admin panels | Service discovery and potential data access |
| Kubernetes API server | Cluster credential exposure |
| Other containers | Lateral movement within Docker networks |
Timeline
| Date | Event |
|---|---|
| 2026-07-10 | CVE-2026-55229 published (NVD, GHSA-2mrg-35hw-x3x9) |
| 2026-07-11 | Gotenberg 8.34.0 released with fix |
Recommendations
- Upgrade immediately to Gotenberg 8.34.0
- Restrict network egress from the Gotenberg container regardless of version
- Never expose
/forms/libreoffice/convertto untrusted or anonymous users - Enable IMDS protection (AWS IMDSv2 hop-limit enforcement, GCP
--no-enable-osconfig) to limit metadata exposure - Monitor outbound traffic from PDF conversion services in your environment