What is CVE-2026-39383?

CVE-2026-39383 is a high-severity vulnerability in Gotenberg, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.2/10. Published 2026-05-05.

How severe is CVE-2026-39383?

High severity. CVSS v3 base score is 7.2 out of 10.

SSRF in Gotenberg

CVE-2026-39383

Gotenberg is an API-based document conversion tool. In version 8.29.1, an unauthenticated attacker with network access can force the server to make outbound HTTP POST requests to arbitrary internal or external destinations by supplying a c…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.001 (21.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N.

Affected products

Gotenberg — versions < 8.31.0
Thecodingmachine Gotenberg

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

https://github.com/gotenberg/gotenberg/security/advisories/GHSA-5vh4-rgv7-p9g4 (x_refsource_CONFIRM, Exploit, Mitigation, Vendor Advisory)

Frequently asked questions

What is CVE-2026-39383?: CVE-2026-39383 is a high-severity vulnerability in Gotenberg, classified under Server-Side Request Forgery (SSRF). CVSS score: 7.2/10. Published 2026-05-05.
How severe is CVE-2026-39383?: High severity. CVSS v3 base score is 7.2 out of 10.