Vulnerability Description
Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thecodingmachine | Gotenberg | < 8.29.0 |
Related Weaknesses (CWE)
References
- https://github.com/gotenberg/gotenberg/commit/06b2b2e10c52b58135edbfe82e94d599ebPatch
- https://github.com/gotenberg/gotenberg/commit/8625a4e899eb75e6fcf46d28394334c7fdPatch
- https://github.com/gotenberg/gotenberg/releases/tag/v8.29.0ProductRelease Notes
- https://github.com/gotenberg/gotenberg/security/advisories/GHSA-jjwv-57xh-xr6rExploitMitigationVendor Advisory
- https://github.com/gotenberg/gotenberg/security/advisories/GHSA-jjwv-57xh-xr6rExploitMitigationVendor Advisory
FAQ
What is CVE-2026-27018?
CVE-2026-27018 is a vulnerability with a CVSS score of 7.5 (HIGH). Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patch...
How severe is CVE-2026-27018?
CVE-2026-27018 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-27018?
Check the references section above for vendor advisories and patch information. Affected products include: Thecodingmachine Gotenberg.