External Control of File Name or Path
CVE-2026-40893
Summary
Gotenberg blocks certain ExifTool tag names, such as `FileName` and `Directory`, to stop attackers from renaming or moving files on the server. But ExifTool also accepts tag names with a group prefix, and `System:FileName` writes exactly the same tag as `FileName`. Gotenberg only checks whether the supplied tag name is literally `FileName`, so `System:FileName` passes the check and ExifTool renames the file. No authentication is needed; a single HTTP request is enough. All versions prior to v8.31.0 are affected.
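To make the bypass concrete, here is an added Go example that is not Gotenberg's own code: it places an exact-match denylist check like the one the advisory describes next to a check that first normalizes the key the way ExifTool resolves it (drop any `Group:` prefix, drop a trailing `#`, compare case-insensitively, since ExifTool matches tag names without regard to case). The denylist contents, the `filterMetadata` helper and the request map are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// deniedTags is an assumed denylist of ExifTool tags that rename or move the
// file on disk instead of writing metadata into it. Illustrative only; it is
// not Gotenberg's actual list.
var deniedTags = map[string]struct{}{
	"filename":  {},
	"directory": {},
}

// isDeniedExact models the check the advisory describes as vulnerable: the
// key is compared verbatim, so "System:FileName" is not caught.
func isDeniedExact(key string) bool {
	return key == "FileName" || key == "Directory"
}

// normalizeTag reduces an ExifTool tag key to the bare tag name ExifTool
// would resolve it to:
//   - "Group:Tag" selects a group but names the same tag, so everything up
//     to and including the last ':' is dropped (this also covers any
//     family-number or multi-group prefix);
//   - a trailing '#' only disables print conversion, so it is dropped;
//   - ExifTool matches tag names case-insensitively, so the result is
//     lower-cased before comparison.
func normalizeTag(key string) string {
	if i := strings.LastIndexByte(key, ':'); i >= 0 {
		key = key[i+1:]
	}
	key = strings.TrimSuffix(key, "#")
	return strings.ToLower(key)
}

// isDeniedNormalized is the hardened check: the normalized tag name is
// looked up in the denylist.
func isDeniedNormalized(key string) bool {
	_, denied := deniedTags[normalizeTag(key)]
	return denied
}

// filterMetadata (assumed helper) splits caller-supplied metadata into the
// entries that may be passed to ExifTool as "-Key=Value" arguments and the
// keys that were rejected by the given check.
func filterMetadata(meta map[string]string, deny func(string) bool) (map[string]string, []string) {
	safe := make(map[string]string, len(meta))
	var rejected []string
	for k, v := range meta {
		if deny(k) {
			rejected = append(rejected, k)
			continue
		}
		safe[k] = v
	}
	return safe, rejected
}

func main() {
	// Constructed request metadata; "System:FileName" is the bypass from the
	// advisory, "System:Directory" the same trick applied to the other tag.
	request := map[string]string{
		"Author":           "Alice",
		"FileName":         "pwned.pdf",
		"System:FileName":  "../../tmp/pwned.pdf",
		"System:Directory": "/tmp",
	}
	for name, check := range map[string]func(string) bool{
		"exact":      isDeniedExact,
		"normalized": isDeniedNormalized,
	} {
		_, rejected := filterMetadata(request, check)
		fmt.Printf("%-10s rejects %v\n", name, rejected)
	}
}
```

With the exact check only the bare `FileName` key is rejected; with the normalized check every spelling of `FileName` and `Directory` is. A denylist still has to anticipate every way ExifTool can spell a tag, so where the set of metadata a service needs to write is known, an allowlist of those tag names is the more robust design.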
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- NONE
- LOW
CWE-73 - External Control of File Name or Path
The software allows user input to control or influence paths or file names that are used in filesystem operations.
References
Advisory Timeline
- Published