CVE-2026-36576

Published June 3rd, 2026

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECTS

Description

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.

openlabs/docker-wkhtmltopdf-aas

wkhtmltopdf in a docker container as a web service.

GitHub

104

openlabs/docker-wkhtmltopdf-aas

Docker Hub

171.4M