How is CVE-2026-36576 exploited?

Network reachability (required): The vulnerable app.py endpoint is exposed over the network, so an attacker must be able to send an HTTP POST request to the service from a remote host. Authentication (not-required): No credentials or session token are needed; the injection point is reachable by any unauthenticated caller. Victim interaction (not-required): Exploitation is fully server-side and requires no action from any user or administrator. Attack complexity (info): Attack complexity is low, meaning the exploit is reliable and reproducible without depending on race conditions, specific memory layouts, or other variable environmental factors.

What is the impact of CVE-2026-36576?

A successful attacker executes arbitrary OS commands in the context of the container process, gaining the same filesystem and network access the process holds. All data accessible to the running process, including converted documents, temporary files, and any mounted secrets or credentials, can be read or exfiltrated. The attacker can write or delete files on the container filesystem, modifying application behavior or destroying stored content. The container process can be crashed or made to consume all available resources, taking the wkhtmltopdf conversion service offline.

Back to search

CRITICALCVE-2026-36576Published 2026-06-03Modified 2026-06-03CNA mitre

CVE-2026-36576: An OS command injection vulnerability in the app

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.

CVSS v3.1: 9.8
Severity: CRITICAL
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas (up to commit 9f50579) allows an unauthenticated attacker to inject and execute arbitrary operating system commands by sending a crafted HTTP POST request. No authentication or victim interaction is required, and the service is reachable directly over the network. Successful exploitation gives the attacker full control over the host process, including the ability to read, modify, or destroy data and crash the service. HarborGuard is tracking this advisory and will make a patched-image rebuild available the moment an upstream fix is published.

HarborGuard Coverage

Detection

Detection of CVE-2026-36576 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI pipelines, including custom-built images derived from openlabs docker-wkhtmltopdf-aas. No manual configuration is needed for the scan to run.

Available

Triage

HarborGuard scores this CVE at 9.8 CRITICAL (CVSS v3.1) and surfaces it with that rating inside each customer environment, weighted against the organization's own compliance policy to determine urgency and queue priority. Triage alerts are routed to the inbox or ticketing integration configured for the affected workload's owning team.

Available

Patch

Because no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment the upstream maintainer ships a remediated commit or release. In the interim, compensating controls such as network-policy isolation or egress filtering can be applied through HarborGuard's policy engine where supported by the customer's environment configuration.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The vulnerable app.py endpoint is exposed over the network, so an attacker must be able to send an HTTP POST request to the service from a remote host.
AuthenticationNot required
No credentials or session token are needed; the injection point is reachable by any unauthenticated caller.
Victim interactionNot required
Exploitation is fully server-side and requires no action from any user or administrator.
Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and reproducible without depending on race conditions, specific memory layouts, or other variable environmental factors.

Blast Radius

A successful attacker executes arbitrary OS commands in the context of the container process, gaining the same filesystem and network access the process holds.
All data accessible to the running process, including converted documents, temporary files, and any mounted secrets or credentials, can be read or exfiltrated.
The attacker can write or delete files on the container filesystem, modifying application behavior or destroying stored content.
The container process can be crashed or made to consume all available resources, taking the wkhtmltopdf conversion service offline.

How HarborGuard Handles This

Available on HarborGuard: this CVE is flagged at CRITICAL severity and surfaced immediately upon scan for any image derived from openlabs docker-wkhtmltopdf-aas up to commit 9f50579. Because no upstream fix exists today, HarborGuard monitors the advisory on every ingest cycle and will trigger a patched-image rebuild automatically once a remediated version is published. For customers who opt into auto-remediation, that rebuild will be followed by a regression-test run and a PR opened against affected workloads with no manual intervention required. While the upstream patch is pending, consider applying network-policy rules to restrict inbound POST access to the service to trusted sources only, and review whether the container needs outbound egress access that could be used to exfiltrate data if the service is compromised.

See how HarborGuard automates this

Affected packages

n/a / n/a
n/a

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Metrics

Get notified