VYPR
Critical severity9.8NVD Advisory· Published Apr 7, 2026· Updated Apr 14, 2026

CVE-2026-35458

CVE-2026-35458

Description

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/gotenberg/gotenberg/v8Go
< 8.30.08.30.0

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.