๐Ÿ” CVE Alert

CVE-2026-27018

UNKNOWN 0.0

Gotenberg: Chromium deny-list bypass via case-insensitive URL scheme

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 4th

Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0.

CWE CWE-22 CWE-918
Vendor gotenberg
Product gotenberg
Published Mar 30, 2026
Last Updated Mar 31, 2026

Affected Versions

gotenberg / gotenberg
< 8.29.0

References

https://github.com/gotenberg/gotenberg/security/advisories/GHSA-jjwv-57xh-xr6r
https://github.com/gotenberg/gotenberg/commit/06b2b2e10c52b58135edbfe82e94d599eb0c5a11
https://github.com/gotenberg/gotenberg/commit/8625a4e899eb75e6fcf46d28394334c7fd79fff5
https://github.com/gotenberg/gotenberg/releases/tag/v8.29.0