A vulnerability was found in KnpLabs snappy up to 1.7.0 on POSIX. It has been rated as critical . This affects the function is_executable of the file /usr/bin/wkhtmltopdf of the component Configuration Handler . Performing a manipulation of the argument command results in os command injection. This vulnerability is identified as CVE-2026-46643 . The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is advised.