Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1845+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. Security
  3. CVE-2026-55229: Gotenberg SSRF via LibreOffice Bypasses Built-in Protections
CVE-2026-55229: Gotenberg SSRF via LibreOffice Bypasses Built-in Protections
SECURITYHIGHCVE-2026-55229

CVE-2026-55229: Gotenberg SSRF via LibreOffice Bypasses Built-in Protections

A server-side request forgery vulnerability in Gotenberg's LibreOffice conversion endpoint allows crafted documents to silently probe internal network resources, bypassing the API's own SSRF mitigations entirely.

Dylan H.

Security Team

July 11, 2026
4 min read

Affected Products

  • Gotenberg < 8.34.0 (all prior versions)

Executive Summary

A server-side request forgery (SSRF) vulnerability in Gotenberg — a widely used Docker-powered stateless API for PDF conversion — allows unauthenticated attackers to coerce the server into fetching arbitrary internal network resources by uploading a crafted document. Tracked as CVE-2026-55229 with a CVSS score of 7.5 (High), the flaw targets the /forms/libreoffice/convert endpoint and completely bypasses Gotenberg's own SSRF mitigations because the vulnerable code path runs inside the LibreOffice subprocess, outside the Go application layer.

CVSS Score: 7.5 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N


Vulnerability Overview

How Gotenberg Processes Documents

Gotenberg provides a REST API that converts office documents (DOCX, ODT, XLSX, etc.) to PDF by passing them through LibreOffice. The /forms/libreoffice/convert endpoint accepts multipart form uploads and hands the documents directly to the LibreOffice process for rendering.

The SSRF Bypass

LibreOffice, by design, automatically fetches embedded external resources during document rendering — including remote images, linked stylesheets, and external data sources specified within the document. These outbound HTTP requests originate from the LibreOffice subprocess, which:

  • Operates at the OS level, completely outside Gotenberg's Go application layer
  • Is not subject to Gotenberg's own SSRF filtering (introduced in v8.31.0 for Chromium-based fetches, webhook delivery, and download-from parameters)
  • Can reach any host accessible from the container's network namespace

Attack Vectors

Blind SSRF — Internal Service Enumeration:

An attacker crafts a DOCX file with embedded external image references pointing to internal services:

<!-- Embedded in document's relationships XML -->
<Relationship Id="rId1" Type=".../image"
  Target="http://169.254.169.254/latest/meta-data/iam/security-credentials/"
  TargetMode="External"/>

When Gotenberg converts this document, LibreOffice fetches the URL. The attacker receives confirmation of which internal hosts are reachable and may obtain response data embedded in the conversion output.

Cloud Metadata Endpoint Probing:

In AWS, GCP, and Azure environments, the container's network access to the Instance Metadata Service (IMDS) endpoints at 169.254.169.254 or fd00:ec2::254 can expose IAM credentials, instance identity documents, and other sensitive cloud configuration data.

Local File Disclosure:

Embedded file URIs (file:///etc/passwd, file:///proc/self/environ) can cause LibreOffice to read and embed local filesystem contents into conversion output — potentially exposing environment variables, configuration files, or other sensitive data readable by the LibreOffice process.

Why Gotenberg's SSRF Mitigations Don't Help

Gotenberg v8.31.0 introduced SSRF filtering for its own Go-layer HTTP requests. However, these controls only intercept:

  • Chromium asset fetches (for HTML-to-PDF conversions)
  • downloadFrom parameter URLs
  • Webhook delivery requests

The LibreOffice subprocess is spawned as a separate OS process and makes its own HTTP requests through the system's network stack — completely bypassing Gotenberg's filtering middleware.


Affected Versions

ProductAffected VersionsFixed Version
GotenbergAll versions < 8.34.08.34.0

This is part of a pattern: the related CVE-2026-42591 exposed the same LibreOffice bypass in v8.31.0, indicating a systemic architectural issue that has now been addressed in 8.34.0.


Patch and Mitigation

Immediate Action

Upgrade Gotenberg to 8.34.0, which restricts LibreOffice's ability to fetch external resources during document conversion.

# Update your Docker Compose or container configuration
docker pull gotenberg/gotenberg:8.34.0
 
# Or in docker-compose.yml
# image: gotenberg/gotenberg:8.34.0
 
docker compose up -d gotenberg

Verify the running version:

curl http://localhost:3000/health

Interim Mitigations (Pre-Upgrade)

If an immediate upgrade is not possible, implement the following controls:

Network Egress Restriction:

# docker-compose.yml — restrict Gotenberg network access
services:
  gotenberg:
    image: gotenberg/gotenberg:8.33.0
    networks:
      - internal_only
    # Do NOT connect to external networks
 
networks:
  internal_only:
    internal: true  # Blocks external internet access

Block Cloud Metadata Endpoints:

# iptables rule — block access to AWS/GCP/Azure IMDS from Gotenberg container
iptables -I DOCKER-USER -s <gotenberg_container_ip> -d 169.254.169.254 -j DROP

Restrict Endpoint Access:

Do not expose /forms/libreoffice/convert to untrusted users or the public internet without authentication controls.


Detection

Watch for the following indicators of SSRF exploitation:

  • Unexpected outbound HTTP requests from the Gotenberg container to internal network ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) or cloud metadata endpoints (169.254.169.254)
  • Unusual content embedded in converted PDFs (text from internal service responses, configuration file contents)
  • High volumes of conversion requests with DOCX/ODT files from untrusted sources
  • Outbound requests from Gotenberg to 169.254.169.254, fd00:ec2::254, or internal service hostnames

SSRF Impact in Containerized Environments

Gotenberg is designed to run as a Docker container and is frequently deployed in microservice architectures with access to internal networks. In these environments, SSRF vulnerabilities can enable:

TargetImpact
AWS/GCP/Azure IMDSIAM credential theft, instance identity documents
Internal APIsUnauthorized access to private services
Database admin panelsService discovery and potential data access
Kubernetes API serverCluster credential exposure
Other containersLateral movement within Docker networks

Timeline

DateEvent
2026-07-10CVE-2026-55229 published (NVD, GHSA-2mrg-35hw-x3x9)
2026-07-11Gotenberg 8.34.0 released with fix

Recommendations

  1. Upgrade immediately to Gotenberg 8.34.0
  2. Restrict network egress from the Gotenberg container regardless of version
  3. Never expose /forms/libreoffice/convert to untrusted or anonymous users
  4. Enable IMDS protection (AWS IMDSv2 hop-limit enforcement, GCP --no-enable-osconfig) to limit metadata exposure
  5. Monitor outbound traffic from PDF conversion services in your environment

References

  • NVD — CVE-2026-55229
  • GitHub Security Advisory GHSA-2mrg-35hw-x3x9
  • Gotenberg Documentation
  • CWE-918: Server-Side Request Forgery (SSRF)
  • Related: CVE-2026-42591 — Prior LibreOffice SSRF in Gotenberg
#CVE-2026-55229#Gotenberg#SSRF#LibreOffice#Docker#PDF#Cloud Metadata

Related Articles

CVE-2026-20896: Gitea Docker Image Authentication Bypass

All official Gitea Docker images through v1.26.2 ship with a wildcard trusted proxy setting that lets any unauthenticated attacker impersonate any user...

4 min read

CVE-2026-22874: Gitea SSRF Filter Bypass Exposes Cloud Credentials

Gitea versions through 1.26.2 use an incomplete IP filter that allows authenticated users to reach AWS Instance Metadata, Azure WireServer, and...

5 min read

CVE-2026-45499: Azure OpenAI SSRF Enables Privilege Escalation — CVSS 9.9

A critical server-side request forgery vulnerability in Azure OpenAI rated CVSS 9.9 allows an authorized attacker to escalate privileges over the network,...

5 min read
Back to all Security Alerts