CVE-2026-40281 Overview
CVE-2026-40281 is an argument injection vulnerability in Gotenberg, a Docker-powered stateless API for PDF files. The flaw affects versions 8.30.1 and earlier. The metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. Because Gotenberg hands the metadata to ExifTool as an argument file on stdin, one argument per line, a newline character inside a metadata value ends the current argument and starts a new one. This lets an attacker inject arbitrary ExifTool pseudo-tag assignments such as -FileName, -Directory, -SymLink, and -HardLink. The issue bypasses the incomplete key-sanitization fix introduced in v8.30.1 and is tracked as [CWE-88].
Critical Impact
An unauthenticated attacker can rename or move any PDF being processed to an arbitrary path in the container filesystem, overwrite arbitrary files, or create symlinks and hard links at attacker-controlled paths. Every one of these operations is bounded by what the user running ExifTool inside the container is allowed to write, which is why the container hardening in the mitigation section matters.
Affected Products
- Gotenberg versions 8.30.1 and earlier
- Docker deployments running a vulnerable Gotenberg image
- Applications integrating the Gotenberg metadata write endpoint
Discovery Timeline
- 2026-05-06 - CVE-2026-40281 published to NVD
- 2026-05-06 - Last updated in NVD database
Technical Details for CVE-2026-40281
Vulnerability Analysis
The vulnerability resides in the Gotenberg metadata write endpoint, which forwards user-supplied metadata to the ExifTool binary as an argument file. ExifTool's -@ option reads arguments from a file, one per line; invoked as -@ -, it reads that file from stdin. Every newline character therefore marks an argument boundary.
Gotenberg sanitized metadata keys for control characters but did not apply the same validation to metadata values. An attacker embeds a newline in a metadata value (as the JSON escape \n, since a raw newline is not valid inside a JSON string) to terminate the current argument and inject a new ExifTool directive on the following line. The injected directive runs with the same privileges as the ExifTool process inside the Gotenberg container.
ExifTool exposes write-only pseudo-tags including FileName, Directory, SymLink, and HardLink. Assigning them triggers filesystem operations rather than metadata writes: FileName and Directory rename or move the file being processed, while SymLink and HardLink create a symbolic or hard link to it at the given path. Successful injection therefore enables arbitrary file rename, file overwrite, and creation of symbolic or hard links anywhere the container process can write.
Root Cause
The root cause is incomplete input validation that leaves a path to argument injection [CWE-88]. The fix released in v8.30.1 added control-character checks for metadata keys but omitted equivalent checks for metadata values. The follow-up patch in commit 405f1069c026bb08f319fb5a44e5c67c33208318 extends the sanitization to values using a regular-expression filter.
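To make the argument-boundary problem in the analysis above concrete, here is an added Go example (not Gotenberg's code and not the upstream patch) that models the argument file the advisory describes: a simplified builder that emits one -Key=Value line per metadata entry for exiftool -@ -, a simplified reader that treats each line as one argument, and the hardened check that the fix is described as adding, applied to values as well as keys. The sample metadata and the /tmp/pwned.pdf path are constructed for the example; controlChars is an assumed pattern, not the expression in the upstream commit.

```go
// Added example (not Gotenberg's code): models the "-@ -" argument file
// described in the advisory and the value check the fix is said to add.
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// controlChars matches the C0 control characters and DEL. Newline (0x0A) is
// the byte that splits an argument-file line; CR and NUL are rejected as well
// because a filter that only looks for "\n" is narrower than "control
// characters". This pattern is an assumption, not the upstream expression.
var controlChars = regexp.MustCompile(`[\x00-\x1f\x7f]`)

// buildArgFile mimics the pre-fix behaviour the advisory describes: one
// "-Key=Value" line per metadata entry, to be piped to "exiftool -@ -".
// Keys are sorted only so the output is deterministic.
func buildArgFile(meta map[string]string) string {
	keys := make([]string, 0, len(meta))
	for k := range meta {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var b strings.Builder
	for _, k := range keys {
		fmt.Fprintf(&b, "-%s=%s\n", k, meta[k])
	}
	return b.String()
}

// parseArgFile is a simplified model of how ExifTool reads "-@": every
// non-empty line is one argument, so a value containing "\n" becomes two.
func parseArgFile(argFile string) []string {
	var args []string
	for _, line := range strings.Split(argFile, "\n") {
		if line != "" {
			args = append(args, line)
		}
	}
	return args
}

// validateMetadata is the hardened check: both keys and values must be free
// of control characters. The v8.30.1 fix only checked keys.
func validateMetadata(meta map[string]string) error {
	for k, v := range meta {
		if controlChars.MatchString(k) {
			return fmt.Errorf("metadata key %q contains a control character", k)
		}
		if controlChars.MatchString(v) {
			return fmt.Errorf("metadata value for %q contains a control character", k)
		}
	}
	return nil
}

func main() {
	// Constructed sample: a harmless-looking Title whose value carries a
	// newline followed by a -FileName pseudo-tag assignment.
	meta := map[string]string{"Title": "x\n-FileName=/tmp/pwned.pdf"}
	for _, a := range parseArgFile(buildArgFile(meta)) {
		fmt.Printf("argument: %q\n", a)
	}
	fmt.Println("hardened check:", validateMetadata(meta))
}
```

Running it prints two arguments for a single metadata entry, which is exactly the split the advisory describes, and the hardened check rejects the same input. The check deliberately covers carriage return and NUL too: stripping only "\n" would leave other control characters in place for whatever parses the argument file next.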
Attack Vector
The attack requires only network access to the Gotenberg HTTP API. No authentication or user interaction is required. An attacker submits a metadata write request whose metadata JSON contains a value with an embedded newline followed by an ExifTool pseudo-tag assignment.
// Patch summary - pkg/modules/exiftool/exiftool.go
// Adds the regexp package to enforce control-character validation on metadata values
"os"
"os/exec"
"reflect"
+ "regexp"
"strings"
"syscall"
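Review bot: the hunk shows only the added "regexp" import; the regular expression and the value check it enables are not in this excerpt, so a reader cannot confirm from the visible lines that the new filter covers carriage return, NUL and the rest of the C0 range rather than only "\n". Include the hunk that defines the pattern and applies it to metadata values, and document the pattern and the error returned, so the value check can be reviewed against the key check it extends.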
Source: Gotenberg commit 405f1069
Detection Methods for CVE-2026-40281
Indicators of Compromise
- Unexpected files, symlinks, or hard links appearing in the Gotenberg container filesystem outside the working directory
- ExifTool invocations whose argument file (the text Gotenberg passes on stdin via -@ -) contains -FileName, -Directory, -SymLink, or -HardLink directives; these do not appear in the process's argv, so argv-only process monitoring will miss them
- HTTP requests to the metadata write endpoint whose metadata JSON carries escaped control characters (\n, \r, \u000a) inside key or value strings; a raw newline byte (%0A) inside a JSON string is invalid under the JSON grammar and a strict parser rejects it, so the escaped forms are what an attacker has to use
- Modified or overwritten configuration files inside the Gotenberg container
Detection Strategies
- Decode the JSON metadata field of requests sent to Gotenberg metadata endpoints and inspect the decoded keys and values for control characters, rather than pattern-matching the raw body alone
- Monitor exiftool child processes spawned by Gotenberg, capturing the argument file fed on stdin (not just argv) and flagging directives the application never generates
- Audit container filesystem changes using runtime file integrity monitoring
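An added Go example (not part of the advisory or of Gotenberg) that implements the two detection strategies above on constructed input: an audit of the argument list an exiftool child process received, which has to look at the -@ - argument file rather than argv, and a coarse text pre-filter for logs that record the metadata JSON verbatim. The sample argument file and JSON bodies are constructed; the pseudo-tag list is the set named in this advisory.

```go
// Added example (not Gotenberg's code): detection helpers for the
// indicators described above, run over constructed sample input.
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// pseudoTags are the ExifTool write-only tags named in the advisory that act
// on the filesystem instead of writing metadata (compared case-insensitively).
var pseudoTags = map[string]bool{
	"filename": true, "directory": true, "symlink": true, "hardlink": true,
}

// tagName extracts the tag name from an ExifTool assignment such as
// "-FileName=x", "-File:Directory=x", "-HardLink+=x" or "-SymLink<${Title}",
// returning "" for anything that is not an option starting with "-".
func tagName(arg string) string {
	if !strings.HasPrefix(arg, "-") {
		return ""
	}
	name := arg[1:]
	if i := strings.IndexAny(name, "=<+-"); i >= 0 {
		name = name[:i] // drop the assignment operator and the value
	}
	if i := strings.LastIndex(name, ":"); i >= 0 {
		name = name[i+1:] // drop a group prefix such as "File:"
	}
	return strings.ToLower(name)
}

// flagPseudoTags returns every argument that assigns a filesystem pseudo-tag.
func flagPseudoTags(args []string) []string {
	var hits []string
	for _, a := range args {
		if pseudoTags[tagName(a)] {
			hits = append(hits, a)
		}
	}
	return hits
}

// auditArgFile applies flagPseudoTags to the text an exiftool process received
// on stdin (the "-@ -" argument file), one argument per line.
func auditArgFile(text string) []string {
	return flagPseudoTags(strings.Split(text, "\n"))
}

// escapedControl is a coarse pre-filter for text logs that record the JSON
// metadata field verbatim: JSON cannot carry a raw newline inside a string,
// so an injected line break shows up as the escape \n, \r or \u000a.
var escapedControl = regexp.MustCompile(`\\(?:[bfnrt]|u00[01][0-9a-fA-F])`)

func hasEscapedControlChar(rawJSON string) bool {
	return escapedControl.MatchString(rawJSON)
}

func main() {
	// Constructed sample of an argument file as an exiftool child process
	// would receive it after the injection described above.
	argFile := "-Title=x\n-FileName=/tmp/pwned.pdf\n-File:Directory=/etc\n-overwrite_original\n"
	fmt.Println("pseudo-tags:", auditArgFile(argFile))
	fmt.Println("escaped control char in body:",
		hasEscapedControlChar(`{"Title":"x\n-FileName=/tmp/pwned.pdf"}`))
}
```

The argument-file audit is only as good as the capture feeding it: because Gotenberg passes the directives on stdin, the data has to come from a wrapper around the exiftool binary or from a probe on the child's stdin, not from a process-creation event. The text pre-filter will also fire on an escaped backslash followed by "n" and on legitimate tab escapes, so treat it as a triage signal and confirm by decoding the JSON.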
Monitoring Recommendations
- Enable verbose logging on the Gotenberg API and forward logs to a centralized SIEM for correlation
- Alert on ExifTool exit codes and stderr messages indicating filesystem operations
- Track new symlink and hard link creation events inside container workloads using eBPF or auditd
How to Mitigate CVE-2026-40281
Immediate Actions Required
- Upgrade Gotenberg to a version newer than 8.30.1 that includes commit 405f1069c026bb08f319fb5a44e5c67c33208318
- Restrict network exposure of the Gotenberg API to trusted internal services only
- Run Gotenberg containers with a read-only root filesystem (plus a tmpfs for its working directory), a non-root user, and dropped capabilities to limit what an injected filesystem operation can reach
Patch Information
The maintainers released a fix that adds regular-expression validation for control characters in metadata values. Review the GitHub Security Advisory GHSA-q7r4-hc83-hf2q and the upstream commit for technical details.
Workarounds
- Place a reverse proxy or API gateway in front of Gotenberg that decodes the metadata JSON and rejects requests whose keys or values contain control characters
- Block the metadata write endpoint at the proxy or gateway if your workflow does not need it
- Apply container security policies (for example a seccomp or LSM profile) that block creation of symlinks and hard links outside designated working directories
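For the request-inspection detection strategy and the gateway workaround above, an added Go example (not Gotenberg's code) of a small reverse proxy: it buffers a multipart POST, decodes the JSON in the metadata field so that escaped control characters become real bytes, rejects any request whose keys or values contain one, and forwards everything else with net/http/httputil. It assumes the metadata travels in a multipart form field named metadata holding a JSON object, that Gotenberg listens at http://gotenberg:3000 and the gateway on :3001, and the route path in the constructed request and the sample bodies are illustrative.

```go
// Added example (not Gotenberg's code): a gateway that rejects metadata
// requests carrying control characters before they reach Gotenberg.
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"log"
	"mime"
	"mime/multipart"
	"net/http"
	"net/http/httputil"
	"net/url"
	"regexp"
)

// Assumed request shape (not stated in the advisory): a multipart POST whose
// metadata travels in a form field named "metadata" holding a JSON object.
const metadataField = "metadata"
const maxBodyBytes = 64 << 20 // upper bound on what the gateway buffers
var controlChars = regexp.MustCompile(`[\x00-\x1f\x7f]`)

// checkMetadataJSON decodes the field (so the escape \n becomes a real newline)
// and rejects any key, string value or array element holding a control character.
func checkMetadataJSON(raw string) error {
	var obj map[string]interface{}
	if err := json.Unmarshal([]byte(raw), &obj); err != nil {
		return fmt.Errorf("metadata is not a JSON object: %w", err)
	}
	for k, v := range obj {
		if controlChars.MatchString(k) {
			return fmt.Errorf("key %q contains a control character", k)
		}
		items, ok := v.([]interface{})
		if !ok {
			items = []interface{}{v}
		}
		for _, item := range items {
			if s, ok := item.(string); ok && controlChars.MatchString(s) {
				return fmt.Errorf("value of %q contains a control character", k)
			}
		}
	}
	return nil
}

// inspectRequest buffers a multipart body, checks every metadata field and
// restores the body so the request can still be forwarded upstream.
func inspectRequest(r *http.Request) error {
	mediaType, params, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
	if err != nil || mediaType != "multipart/form-data" {
		return nil // not a form upload: nothing to inspect
	}
	// An oversize body is truncated here, so it fails multipart parsing below.
	body, err := io.ReadAll(io.LimitReader(r.Body, maxBodyBytes))
	if err != nil {
		return err
	}
	r.Body = io.NopCloser(bytes.NewReader(body))
	form, err := multipart.NewReader(bytes.NewReader(body), params["boundary"]).ReadForm(maxBodyBytes)
	if err != nil {
		return fmt.Errorf("malformed multipart body: %w", err)
	}
	defer form.RemoveAll()
	for _, raw := range form.Value[metadataField] {
		if err := checkMetadataJSON(raw); err != nil {
			return err
		}
	}
	return nil
}

// newGuard rejects offending requests with 400 and proxies the rest unchanged.
func newGuard(upstream *url.URL) http.Handler {
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := inspectRequest(r); err != nil {
			http.Error(w, "rejected: "+err.Error(), http.StatusBadRequest)
			return
		}
		proxy.ServeHTTP(w, r)
	})
}

// newMetadataRequest builds a constructed client request of the assumed shape.
func newMetadataRequest(metadataJSON string) *http.Request {
	var buf bytes.Buffer
	mw := multipart.NewWriter(&buf)
	mw.CreateFormFile("files", "input.pdf") // empty placeholder file part
	mw.WriteField(metadataField, metadataJSON)
	mw.Close()
	req, _ := http.NewRequest(http.MethodPost, "http://gotenberg:3000/forms/pdfengines/metadata/write", &buf)
	req.Header.Set("Content-Type", mw.FormDataContentType())
	return req
}

func main() {
	upstream, _ := url.Parse("http://gotenberg:3000") // assumed upstream address
	log.Fatal(http.ListenAndServe(":3001", newGuard(upstream)))
}
```

Two design points: the check runs on decoded JSON, because the injected byte only exists after the \n escape is decoded, so matching the raw body would both miss \u000a and mis-flag harmless backslashes; and the body is read into memory and re-attached so the upstream proxy sees the unchanged request, which is why the gateway also caps the body size it is willing to inspect.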
# Example: run Gotenberg with a read-only filesystem and dropped capabilities.
# "internal" is assumed to be an existing user-defined Docker network reachable
# only by trusted services (create it first with "docker network create internal").
# In practice pin the image tag to a release newer than 8.30.1 instead of "latest".
docker run --rm \
  --read-only \
  --tmpfs /tmp \
  --cap-drop=ALL \
  --user 1001:1001 \
  --network internal \
  gotenberg/gotenberg:latest
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


