NextGuard
UNKNOWNCVE-2026-27018

Gotenberg: Chromium deny-list bypass via case-insensitive URL scheme

Platform

docker

Component

gotenberg

Fixed in

8.29.0

View on NVD

Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0.

How to fix

Actualice Gotenberg a la versión 8.29.0 o superior. Esta versión corrige la vulnerabilidad de omisión de la lista de denegación de Chromium mediante esquemas de URL que no distinguen entre mayúsculas y minúsculas.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free
CVE-2026-27018 — Vulnerability Details | NextGuard | NextGuard