Input validation error in gotenberg - #VU129643
Published: May 5, 2026
gotenberg
Detailed vulnerability description
The vulnerability allows a remote attacker to modify file permissions.
The vulnerability exists due to improper input validation in the ExifTool metadata tag blocklist when handling metadata fields in HTTP requests. A remote attacker can send a specially crafted request using the FilePermissions tag to modify file permissions.
The FilePermissions tag is not included in the dangerous tag blocklist.