What is GHSA-v5gc-8cqm-ww2h?

GHSA-v5gc-8cqm-ww2h is a security advisory published by GitHub Security Advisories with Critical severity. An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas...

Which CVE IDs does GHSA-v5gc-8cqm-ww2h cover?

GHSA-v5gc-8cqm-ww2h covers the following CVE IDs: CVE-2026-36576. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-v5gc-8cqm-ww2h?

GHSA-v5gc-8cqm-ww2h has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

GHSA-v5gc-8cqm-ww2hCriticalCVSS 9.8

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas...

Vendor

GitHub Security Advisories

Published

June 3, 2026

Last Modified

June 3, 2026

🔗 CVE IDs covered (1)

CVE-2026-36576 →

📋 Description

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2026-36576
https://github.com/openlabs/docker-wkhtmltopdf-aas/issues/36
https://github.com/openlabs/docker-wkhtmltopdf-aas
https://github.com/openlabs/docker-wkhtmltopdf-aas/blob/9f505797671c3339520dec5fc01dff3a6f324f2e/app.py#L40
https://hub.docker.com/r/openlabs/docker-wkhtmltopdf-aas
https://github.com/advisories/GHSA-v5gc-8cqm-ww2h