CVE-2026-27018

Published: Mar 30, 2026

Modified: Mar 31, 2026

PUBLISHED

Description

Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0.

Vendor	Product	Versions
gotenberg	gotenberg	affected `< 8.29.0`

Weaknesses (CWE)

CWE-22

CWE-918

References

https://github.com/gotenberg/gotenberg/security/advisories/GHSA-jjwv-57xh-xr6r

x_refsource_CONFIRM

https://github.com/gotenberg/gotenberg/commit/06b2b2e10c52b58135edbfe82e94d599eb0c5a11

x_refsource_MISC

https://github.com/gotenberg/gotenberg/commit/8625a4e899eb75e6fcf46d28394334c7fd79fff5

x_refsource_MISC

https://github.com/gotenberg/gotenberg/releases/tag/v8.29.0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-27018

Description

Affected Products

Weaknesses (CWE)

References