Vulnerability in Gotenberg
CVE-2026-35458
Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang wo…
Vulnerability class: ReDoS (Regular Expression Denial of Service)
EPSS: 0.000 (8.8th percentile)
Affected products
- Gotenberg — versions <= 8.29.1
Weakness classification (CWE)
References
- https://github.com/gotenberg/gotenberg/security/advisories/GHSA-fmwg-qcqh-m992 (x_refsource_CONFIRM)