CVE-2026-36576 CRITICAL

Published: 2026-06-03 | Last Modified: 2026-06-03 | Status: Received

Description

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.

CVSS Metrics

Base Score: 9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Type: Secondary

Exploitability Score: 3.9

Impact Score: 5.9

Weaknesses

Source	Type	Description
134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	en CWE-78

References

https://github.com/openlabs/docker-wkhtmltopdf-aas
Source: [email protected]
https://github.com/openlabs/docker-wkhtmltopdf-aas/blob/9f505797671c3339520dec5fc01dff3a6f324f2e/app.py#L40
Source: [email protected]
https://github.com/openlabs/docker-wkhtmltopdf-aas/issues/36
Source: [email protected]
https://hub.docker.com/r/openlabs/docker-wkhtmltopdf-aas
Source: [email protected]
https://github.com/openlabs/docker-wkhtmltopdf-aas/issues/36
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0