A critical OS command injection vulnerability exists in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579. The vulnerability allows remote attackers to execute arbitrary operating system commands through specially crafted POST requests. This affects the Docker-based HTML to PDF conversion service, potentially allowing full system compromise. The vulnerability is accessible via the application's web interface and could lead to complete server takeover. Organizations using this Docker image should immediately update or implement mitigations.