A critical SSRF vulnerability in Gotenberg allows unauthenticated attackers to bypass security boundaries and access internal network services.

The application utilizes a case-sensitive regex-based filter for URL validation that can be bypassed using IPv6-mapped IPv4 addresses, allowing access to internal loopback or private network services.

This Server-Side Request Forgery (SSRF) vulnerability allows an attacker to probe internal networks, potentially accessing sensitive services or metadata endpoints that are otherwise unreachable from the internet. With a CVSS score of 9.4, this poses a high risk of lateral movement and information disclosure.

Immediate Action: Upgrade the Gotenberg Docker image to version 8.31.0 or higher to implement robust URL validation.

Proactive Monitoring: Monitor for outbound requests from the Gotenberg service to internal IP ranges or sensitive internal infrastructure.

Compensating Controls: Restrict the service's network access using strict egress firewall rules to ensure it can only reach necessary external endpoints.

Public Exploit Available: No

This vulnerability enables attackers to bypass network security perimeters. Updating the software to a patched version is essential to maintaining the integrity of internal network segmentation.