Critical severity 9.8 · NVD Advisory · Published Apr 7, 2026 · Updated Apr 14, 2026
CVE-2026-35458
Description
Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/gotenberg/gotenberg/v8 (Go) | < 8.30.0 | 8.30.0 |
References
- github.com/gotenberg/gotenberg/security/advisories/GHSA-fmwg-qcqh-m992 (nvd; Exploit, Vendor Advisory, WEB)
- github.com/advisories/GHSA-fmwg-qcqh-m992 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-35458 (ghsa; ADVISORY)
- github.com/gotenberg/gotenberg/commit/cfb48d9af48cb236244eabe5c67fe1d30fb3fe25 (ghsa; WEB)