Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    114 vulnerabilities by osgeo

    CVE-2025-58175 (GCVE-0-2025-58175)

    Vulnerability from nvd – Published: 2026-06-18 14:31 – Updated: 2026-06-18 15:26
    VLAI
    Title
    GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow attacker to perform unauthenticated Server-Side Request Forgery (SSRF). This vulnerability requires that GeoServer is set up to use a proxy base URL and the `ENTITY_RESOLUTION_ALLOWLIST` (default since 2.25.0). Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations are only affected by this vulnerability if they use a proxy base URL that does not contain a URL path or end with a slash. If the proxy base URL does not contain a path, adding a slash to the end of the URL will mitigate this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-611 - Improper Restriction of XML External Entity Reference
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    geoserver org.geoserver.web:gs-web-app Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    geoserver org.geoserver:gs-main Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T15:25:52.864367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T15:26:07.311Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "org.geoserver.web:gs-web-app",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            },
            {
              "product": "org.geoserver:gs-main",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow attacker to perform unauthenticated Server-Side Request Forgery (SSRF). This vulnerability requires that GeoServer is set up to use a proxy base URL and the `ENTITY_RESOLUTION_ALLOWLIST` (default since 2.25.0). Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations are only affected by this vulnerability if they use a proxy base URL that does not contain a URL path or end with a slash. If the proxy base URL does not contain a path, adding a slash to the end of the URL will mitigate this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-18T14:31:19.757Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-x4r9-gmw3-hxww",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-x4r9-gmw3-hxww"
            },
            {
              "name": "https://github.com/geoserver/geoserver/pull/8622",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/pull/8622"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11867",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11867"
            }
          ],
          "source": {
            "advisory": "GHSA-x4r9-gmw3-hxww",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-58175",
        "datePublished": "2026-06-18T14:31:19.757Z",
        "dateReserved": "2025-08-27T13:34:56.189Z",
        "dateUpdated": "2026-06-18T15:26:07.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52465 (GCVE-0-2025-52465)

    Vulnerability from nvd – Published: 2026-06-18 14:28 – Updated: 2026-06-24 03:56
    VLAI
    Title
    GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to the target file, the target file can not already exist and all parent directories must already exist. Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations where the web interface is either disabled or completely removed are not affected since the vulnerability exists in one of the web pages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    geoserver org.geoserver.web:gs-web-app Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    geoserver org.geoserver.web:gs-web-sec-core Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52465",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:00.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "org.geoserver.web:gs-web-app",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            },
            {
              "product": "org.geoserver.web:gs-web-sec-core",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer\u0027s security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to the target file, the target file can not already exist and all parent directories must already exist. Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations where the web interface is either disabled or completely removed are not affected since the vulnerability exists in one of the web pages."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-18T14:28:41.270Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7qmg-grcp-qf25",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7qmg-grcp-qf25"
            },
            {
              "name": "https://github.com/geoserver/geoserver/pull/8584",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/pull/8584"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11852",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11852"
            },
            {
              "name": "https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild"
            }
          ],
          "source": {
            "advisory": "GHSA-7qmg-grcp-qf25",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-52465",
        "datePublished": "2026-06-18T14:28:41.270Z",
        "dateReserved": "2025-06-17T02:28:39.716Z",
        "dateUpdated": "2026-06-24T03:56:00.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27511 (GCVE-0-2025-27511)

    Vulnerability from nvd – Published: 2026-06-18 14:23 – Updated: 2026-06-24 03:56
    VLAI
    Title
    GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27511",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:02.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "org.geoserver.extension:gs-db2",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.27.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-18T14:23:01.788Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7"
            },
            {
              "name": "https://github.com/geoserver/geoserver/releases/tag/2.27.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/releases/tag/2.27.0"
            },
            {
              "name": "https://nvd.nist.gov/vuln/detail/cve-2023-27867",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27867"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOT-7725",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOT-7725"
            }
          ],
          "source": {
            "advisory": "GHSA-g628-r368-6vh7",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-27511",
        "datePublished": "2026-06-18T14:23:01.788Z",
        "dateReserved": "2025-02-26T18:11:52.306Z",
        "dateUpdated": "2026-06-24T03:56:02.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45104 (GCVE-0-2026-45104)

    Vulnerability from nvd – Published: 2026-05-27 18:41 – Updated: 2026-06-01 17:08
    VLAI
    Title
    MapServer: NULL pointer dereference in SLD `<ElseFilter>` rule parsing reachable via WMS `SLD_BODY`
    Summary
    MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any <Rule> carrying <ElseFilter/> — it assumes msSLDParseRule added one class. When the rule has no symbolizer (a structurally valid SLD), msSLDParseRule adds zero, and _SLDApplyRuleValues ends up indexing _class[-1], resulting in a NULL pointer dereference. A 200-byte well-formed SLD via the WMS SLD_BODY= parameter is enough to trigger this, no auth required. This vulnerability is fixed in 8.6.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper Validation of Array Index
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    MapServer MapServer Affected: >= 6.4.0, < 8.6.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45104",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T17:05:19.453049Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T17:08:18.608Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MapServer",
              "vendor": "MapServer",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 6.4.0, \u003c 8.6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any \u003cRule\u003e carrying \u003cElseFilter/\u003e \u2014 it assumes msSLDParseRule added one class. When the rule has no symbolizer (a structurally valid SLD), msSLDParseRule adds zero, and _SLDApplyRuleValues ends up indexing _class[-1], resulting in a NULL pointer dereference. A 200-byte well-formed SLD via the WMS SLD_BODY= parameter is enough to trigger this, no auth required. This vulnerability is fixed in 8.6.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129: Improper Validation of Array Index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T18:41:39.396Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/MapServer/MapServer/security/advisories/GHSA-4h8g-378q-r75m",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/MapServer/MapServer/security/advisories/GHSA-4h8g-378q-r75m"
            }
          ],
          "source": {
            "advisory": "GHSA-4h8g-378q-r75m",
            "discovery": "UNKNOWN"
          },
          "title": "MapServer: NULL pointer dereference in SLD `\u003cElseFilter\u003e` rule parsing reachable via WMS `SLD_BODY`"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45104",
        "datePublished": "2026-05-27T18:41:39.396Z",
        "dateReserved": "2026-05-08T19:27:26.699Z",
        "dateUpdated": "2026-06-01T17:08:18.608Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49014 (GCVE-0-2026-49014)

    Vulnerability from nvd – Published: 2026-05-27 01:39 – Updated: 2026-05-27 13:52
    VLAI
    Summary
    In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This is in frmts/netcdf/netcdfsg.cpp.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    GDAL GDAL Affected: 3.1.0 , ≤ 3.13.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49014",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T13:51:40.806763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T13:52:05.905Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/OSGeo/gdal/issues/14594"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "GDAL",
              "vendor": "GDAL",
              "versions": [
                {
                  "lessThanOrEqual": "3.13.0",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gdal:gdal:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "3.13.0",
                      "versionStartIncluding": "3.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This is in frmts/netcdf/netcdfsg.cpp."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T01:39:18.976Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/OSGeo/gdal/issues/14594"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-49014",
        "datePublished": "2026-05-27T01:39:18.976Z",
        "dateReserved": "2026-05-27T01:39:18.239Z",
        "dateUpdated": "2026-05-27T13:52:05.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8213 (GCVE-0-2026-8213)

    Vulnerability from nvd – Published: 2026-05-09 23:00 – Updated: 2026-05-11 17:31 X_Open Source
    VLAI
    Title
    OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow
    Summary
    A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OSGeo gdal Affected: 3.13.0dev-4
    Unaffected: 3.13.0RC1
        cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    biniam (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8213",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T16:00:54.149327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T17:31:56.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Grid File Handler"
              ],
              "product": "gdal",
              "vendor": "OSGeo",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13.0dev-4"
                },
                {
                  "status": "unaffected",
                  "version": "3.13.0RC1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "biniam (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T23:00:17.283Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-362430 | OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/362430"
            },
            {
              "name": "VDB-362430 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/362430/cti"
            },
            {
              "name": "Submit #808128 | OSGeo GDAL 3.13.0dev Out-of-Bounds Read",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/808128"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/OSGeo/gdal/issues/14399"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/biniamf/pocs/tree/main/gdal-gdsdfldsrch_oob-read"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/OSGeo/gdal/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-09T09:14:34.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8213",
        "datePublished": "2026-05-09T23:00:17.283Z",
        "dateReserved": "2026-05-09T07:09:26.613Z",
        "dateUpdated": "2026-05-11T17:31:56.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8212 (GCVE-0-2026-8212)

    Vulnerability from nvd – Published: 2026-05-09 22:30 – Updated: 2026-05-11 14:56 X_Open Source
    VLAI
    Title
    OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow
    Summary
    A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OSGeo gdal Affected: 3.13.0dev-4
    Unaffected: 3.13.0RC1
        cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    biniam (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8212",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T14:56:25.255773Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T14:56:32.914Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*"
              ],
              "product": "gdal",
              "vendor": "OSGeo",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13.0dev-4"
                },
                {
                  "status": "unaffected",
                  "version": "3.13.0RC1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "biniam (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T22:30:12.527Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-362429 | OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/362429"
            },
            {
              "name": "VDB-362429 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/362429/cti"
            },
            {
              "name": "Submit #808127 | OSGeo GDAL 3.13.0dev Out-of-Bounds Read",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/808127"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/OSGeo/gdal/issues/14398"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/biniamf/pocs/tree/main/gdal-swsdfldsrch_oob-read"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/OSGeo/gdal/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-09T09:14:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8212",
        "datePublished": "2026-05-09T22:30:12.527Z",
        "dateReserved": "2026-05-09T07:09:13.290Z",
        "dateUpdated": "2026-05-11T14:56:32.914Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42030 (GCVE-0-2026-42030)

    Vulnerability from nvd – Published: 2026-05-08 15:56 – Updated: 2026-05-08 21:26
    VLAI
    Title
    MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer
    Summary
    MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The vulnerability is triggered via FORMAT=application/openlayers combined with an unsanitized SRS parameter in WMS 1.3.0 requests. This issue has been patched in version 8.6.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    MapServer MapServer Affected: >= 6.0, < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42030",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T17:12:03.204167Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T21:26:45.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/MapServer/MapServer/security/advisories/GHSA-4g9f-ph64-hg2x"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MapServer",
              "vendor": "MapServer",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 6.0, \u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer\u0027s WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The vulnerability is triggered via FORMAT=application/openlayers combined with an unsanitized SRS parameter in WMS 1.3.0 requests. This issue has been patched in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-08T15:56:48.553Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/MapServer/MapServer/security/advisories/GHSA-4g9f-ph64-hg2x",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/MapServer/MapServer/security/advisories/GHSA-4g9f-ph64-hg2x"
            },
            {
              "name": "https://github.com/MapServer/MapServer/releases/tag/rel-8-6-2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/MapServer/MapServer/releases/tag/rel-8-6-2"
            }
          ],
          "source": {
            "advisory": "GHSA-4g9f-ph64-hg2x",
            "discovery": "UNKNOWN"
          },
          "title": "MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42030",
        "datePublished": "2026-05-08T15:56:48.553Z",
        "dateReserved": "2026-04-23T16:05:01.708Z",
        "dateUpdated": "2026-05-08T21:26:45.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8088 (GCVE-0-2026-8088)

    Vulnerability from nvd – Published: 2026-05-07 19:30 – Updated: 2026-05-08 21:30 X_Open Source
    VLAI
    Title
    OSGeo gdal GDapi.c GDfieldinfo out-of-bounds
    Summary
    A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.13.0RC1 is sufficient to fix this issue. This patch is called a791f70f8eaec540974ec989ca6fb00266b7646c. The affected component should be upgraded.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OSGeo gdal Affected: 3.13.0dev-4
    Unaffected: 3.13.0RC1
        cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    biniam (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8088",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T14:37:33.333221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T21:30:21.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*"
              ],
              "product": "gdal",
              "vendor": "OSGeo",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13.0dev-4"
                },
                {
                  "status": "unaffected",
                  "version": "3.13.0RC1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "biniam (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.13.0RC1 is sufficient to fix this issue. This patch is called a791f70f8eaec540974ec989ca6fb00266b7646c. The affected component should be upgraded."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-Bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:30:11.704Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-361841 | OSGeo gdal GDapi.c GDfieldinfo out-of-bounds",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/361841"
            },
            {
              "name": "VDB-361841 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/361841/cti"
            },
            {
              "name": "Submit #808040 | OSGeo GDAL 3.13.0dev Out-of-Bounds Read",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/808040"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/OSGeo/gdal/issues/14379"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/biniamf/pocs/tree/main/gdal-gdapi-gdfinfo-dimlist-oob-read"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/OSGeo/gdal/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-07T14:39:38.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "OSGeo gdal GDapi.c GDfieldinfo out-of-bounds"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8088",
        "datePublished": "2026-05-07T19:30:11.704Z",
        "dateReserved": "2026-05-07T12:34:26.732Z",
        "dateUpdated": "2026-05-08T21:30:21.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8087 (GCVE-0-2026-8087)

    Vulnerability from nvd – Published: 2026-05-07 19:00 – Updated: 2026-05-08 14:18 X_Open Source
    VLAI
    Title
    OSGeo gdal GDapi.c GDnentries heap-based overflow
    Summary
    A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.13.0RC1 is recommended to address this issue. The patch is named 184f77dbcc74118c062c05e464c88161d3c37b9b. You should upgrade the affected component.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OSGeo gdal Affected: 3.13.0dev-4
    Unaffected: 3.13.0RC1
        cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    biniam (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8087",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T14:17:56.094820Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T14:18:03.410Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*"
              ],
              "product": "gdal",
              "vendor": "OSGeo",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13.0dev-4"
                },
                {
                  "status": "unaffected",
                  "version": "3.13.0RC1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "biniam (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.13.0RC1 is recommended to address this issue. The patch is named 184f77dbcc74118c062c05e464c88161d3c37b9b. You should upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:00:15.040Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-361840 | OSGeo gdal GDapi.c GDnentries heap-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/361840"
            },
            {
              "name": "VDB-361840 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/361840/cti"
            },
            {
              "name": "Submit #808039 | OSGeo GDAL 3.13.0dev Heap-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/808039"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/OSGeo/gdal/issues/14363"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/biniamf/pocs/tree/main/gdal-gdinqfields_bof"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/commit/184f77dbcc74118c062c05e464c88161d3c37b9b"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/OSGeo/gdal/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-07T14:39:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "OSGeo gdal GDapi.c GDnentries heap-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8087",
        "datePublished": "2026-05-07T19:00:15.040Z",
        "dateReserved": "2026-05-07T12:34:23.855Z",
        "dateUpdated": "2026-05-08T14:18:03.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8086 (GCVE-0-2026-8086)

    Vulnerability from nvd – Published: 2026-05-07 18:45 – Updated: 2026-05-07 19:53 X_Open Source
    VLAI
    Title
    OSGeo gdal SWapi.c SWnentries heap-based overflow
    Summary
    A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OSGeo gdal Affected: 3.13.0dev-4
    Unaffected: 3.12.4RC1
        cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    biniam (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8086",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T19:50:27.573162Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T19:53:07.538Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/808038"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/OSGeo/gdal/issues/14356"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*"
              ],
              "product": "gdal",
              "vendor": "OSGeo",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13.0dev-4"
                },
                {
                  "status": "unaffected",
                  "version": "3.12.4RC1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "biniam (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T18:45:13.165Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-361839 | OSGeo gdal SWapi.c SWnentries heap-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/361839"
            },
            {
              "name": "VDB-361839 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/361839/cti"
            },
            {
              "name": "Submit #808038 | OSGeo GDAL 3.13.0dev Heap-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/808038"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/OSGeo/gdal/issues/14356"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/pull/14361"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/biniamf/pocs/tree/main/gdal-swinqdims_bof"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/commit/9491e794f1757f08063ea2f7a274ad2994afa636"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/releases/tag/v3.12.4RC1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/OSGeo/gdal/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-07T14:39:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "OSGeo gdal SWapi.c SWnentries heap-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8086",
        "datePublished": "2026-05-07T18:45:13.165Z",
        "dateReserved": "2026-05-07T12:34:19.931Z",
        "dateUpdated": "2026-05-07T19:53:07.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8084 (GCVE-0-2026-8084)

    Vulnerability from nvd – Published: 2026-05-07 18:30 – Updated: 2026-05-08 22:53 X_Open Source
    VLAI
    Title
    OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds
    Summary
    A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OSGeo gdal Affected: 3.13.0dev-4
    Unaffected: 3.13.0RC1
        cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    biniam (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8084",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T22:53:31.548814Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T22:53:55.692Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "HDF-EOS Grid File Handler"
              ],
              "product": "gdal",
              "vendor": "OSGeo",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13.0dev-4"
                },
                {
                  "status": "unaffected",
                  "version": "3.13.0RC1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "biniam (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-Bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T18:30:13.275Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-361838 | OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/361838"
            },
            {
              "name": "VDB-361838 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/361838/cti"
            },
            {
              "name": "Submit #808034 | OSGeo GDAL 3.13.0dev Out-of-Bounds Read",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/808034"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/biniamf/pocs/tree/main/gdal_swfinfo_dimlist_oob-rw"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/OSGeo/gdal/issues/14378"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/biniamf/pocs/blob/main/gdal_swfinfo_dimlist_oob-rw"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/OSGeo/gdal/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-07T14:26:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8084",
        "datePublished": "2026-05-07T18:30:13.275Z",
        "dateReserved": "2026-05-07T12:21:31.524Z",
        "dateUpdated": "2026-05-08T22:53:55.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33721 (GCVE-0-2026-33721)

    Vulnerability from nvd – Published: 2026-03-27 00:15 – Updated: 2026-04-17 17:18
    VLAI
    Title
    MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing
    Summary
    MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MapServer MapServer Affected: >= 4.2, < 8.6.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33721",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T11:51:50.279171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-30T11:52:01.621Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-17T17:18:03.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MapServer",
              "vendor": "MapServer",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.2, \u003c 8.6.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer\u2019s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T00:15:00.360Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/MapServer/MapServer/security/advisories/GHSA-cv4m-mr84-fgjp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/MapServer/MapServer/security/advisories/GHSA-cv4m-mr84-fgjp"
            },
            {
              "name": "https://github.com/MapServer/MapServer/releases/tag/rel-8-6-1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/MapServer/MapServer/releases/tag/rel-8-6-1"
            }
          ],
          "source": {
            "advisory": "GHSA-cv4m-mr84-fgjp",
            "discovery": "UNKNOWN"
          },
          "title": "MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33721",
        "datePublished": "2026-03-27T00:15:00.360Z",
        "dateReserved": "2026-03-23T17:34:57.559Z",
        "dateUpdated": "2026-04-17T17:18:03.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4738 (GCVE-0-2026-4738)

    Vulnerability from nvd – Published: 2026-03-24 03:18 – Updated: 2026-03-24 14:35
    VLAI
    Title
    GDAL Bundled zlib (inftree9.c) Pointer Offset Optimization Undefined Behavior Allows Heap Corruption or Remote Code Execution
    Summary
    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C‎. This issue affects gdal: before 3.11.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    Impacted products
    Vendor Product Version
    OSGeo gdal Affected: 0 , < 3.11.0 (git)
    Create a notification for this product.
    Credits
    TITAN Team (titancaproject@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4738",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T14:35:17.590340Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T14:35:23.904Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/OSGeo/gdal",
              "defaultStatus": "affected",
              "modules": [
                "frmts/zlib/contrib/infback9"
              ],
              "product": "gdal",
              "programFiles": [
                "inftree9.c\u200e"
              ],
              "vendor": "OSGeo",
              "versions": [
                {
                  "lessThan": "3.11.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "TITAN Team (titancaproject@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules).\u003cp\u003e This vulnerability is associated with program files inftree9.C\u200e.\u003c/p\u003e\u003cp\u003eThis issue affects gdal: before 3.11.0.\u003c/p\u003e"
                }
              ],
              "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C\u200e.\n\nThis issue affects gdal: before 3.11.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "ATTACKED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/S:P/AU:Y/R:U/V:C/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T03:18:10.245Z",
            "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
            "shortName": "GovTech CSG"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/pull/12244"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "GDAL Bundled zlib (inftree9.c) Pointer Offset Optimization Undefined Behavior Allows Heap Corruption or Remote Code Execution",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
        "assignerShortName": "GovTech CSG",
        "cveId": "CVE-2026-4738",
        "datePublished": "2026-03-24T03:18:10.245Z",
        "dateReserved": "2026-03-24T03:17:53.186Z",
        "dateUpdated": "2026-03-24T14:35:23.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-50899 (GCVE-0-2022-50899)

    Vulnerability from nvd – Published: 2026-01-13 22:51 – Updated: 2026-05-14 02:07
    VLAI
    Title
    Geonetwork 4.2.0 - XML External Entity (XXE)
    Summary
    Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files through the baseURL parameter in PDF creation requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Impacted products
    Vendor Product Version
    GeoNetwork GeoNetwork Affected: 3.10 , ≤ 4.2.0 (custom)
    Create a notification for this product.
    Date Public
    2022-07-29 00:00
    Credits
    Amel BOUZIANE-LEBLOND
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-50899",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-14T15:52:28.159438Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-14T19:20:51.974Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeoNetwork",
              "vendor": "GeoNetwork",
              "versions": [
                {
                  "lessThanOrEqual": "4.2.0",
                  "status": "affected",
                  "version": "3.10",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:osgeo:geonetwork:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "4.2.0",
                      "versionStartIncluding": "3.10",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Amel BOUZIANE-LEBLOND"
            }
          ],
          "datePublic": "2022-07-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files through the baseURL parameter in PDF creation requests."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-14T02:07:00.169Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-50982",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/50982"
            },
            {
              "name": "GeoNetwork Official Homepage",
              "tags": [
                "product"
              ],
              "url": "https://geonetwork-opensource.org/"
            },
            {
              "name": "VulnCheck Advisory: Geonetwork 4.2.0 - XML External Entity (XXE)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/geonetwork-xml-external-entity-xxe"
            }
          ],
          "title": "Geonetwork 4.2.0 - XML External Entity (XXE)",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2022-50899",
        "datePublished": "2026-01-13T22:51:45.416Z",
        "dateReserved": "2026-01-10T15:05:18.988Z",
        "dateUpdated": "2026-05-14T02:07:00.169Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-58175 (GCVE-0-2025-58175)

    Vulnerability from cvelistv5 – Published: 2026-06-18 14:31 – Updated: 2026-06-18 15:26
    VLAI
    Title
    GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow attacker to perform unauthenticated Server-Side Request Forgery (SSRF). This vulnerability requires that GeoServer is set up to use a proxy base URL and the `ENTITY_RESOLUTION_ALLOWLIST` (default since 2.25.0). Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations are only affected by this vulnerability if they use a proxy base URL that does not contain a URL path or end with a slash. If the proxy base URL does not contain a path, adding a slash to the end of the URL will mitigate this vulnerability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-611 - Improper Restriction of XML External Entity Reference
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    geoserver org.geoserver.web:gs-web-app Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    geoserver org.geoserver:gs-main Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-58175",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-18T15:25:52.864367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-18T15:26:07.311Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "org.geoserver.web:gs-web-app",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            },
            {
              "product": "org.geoserver:gs-main",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow attacker to perform unauthenticated Server-Side Request Forgery (SSRF). This vulnerability requires that GeoServer is set up to use a proxy base URL and the `ENTITY_RESOLUTION_ALLOWLIST` (default since 2.25.0). Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations are only affected by this vulnerability if they use a proxy base URL that does not contain a URL path or end with a slash. If the proxy base URL does not contain a path, adding a slash to the end of the URL will mitigate this vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "CWE-611: Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-18T14:31:19.757Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-x4r9-gmw3-hxww",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-x4r9-gmw3-hxww"
            },
            {
              "name": "https://github.com/geoserver/geoserver/pull/8622",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/pull/8622"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11867",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11867"
            }
          ],
          "source": {
            "advisory": "GHSA-x4r9-gmw3-hxww",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-58175",
        "datePublished": "2026-06-18T14:31:19.757Z",
        "dateReserved": "2025-08-27T13:34:56.189Z",
        "dateUpdated": "2026-06-18T15:26:07.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-52465 (GCVE-0-2025-52465)

    Vulnerability from cvelistv5 – Published: 2026-06-18 14:28 – Updated: 2026-06-24 03:56
    VLAI
    Title
    GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to the target file, the target file can not already exist and all parent directories must already exist. Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations where the web interface is either disabled or completely removed are not affected since the vulnerability exists in one of the web pages.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    geoserver org.geoserver.web:gs-web-app Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    geoserver org.geoserver.web:gs-web-sec-core Affected: < 2.26.4
    Affected: >= 2.27.0, < 2.27.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-52465",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:00.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "org.geoserver.web:gs-web-app",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            },
            {
              "product": "org.geoserver.web:gs-web-sec-core",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.26.4"
                },
                {
                  "status": "affected",
                  "version": "\u003e= 2.27.0, \u003c 2.27.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a vulnerability exists that allows an authenticated administrator with access to GeoServer\u0027s security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to the target file, the target file can not already exist and all parent directories must already exist. Versions 2.26.4 and 2.27.3 contain a fix. GeoServer installations where the web interface is either disabled or completely removed are not affected since the vulnerability exists in one of the web pages."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-18T14:28:41.270Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7qmg-grcp-qf25",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-7qmg-grcp-qf25"
            },
            {
              "name": "https://github.com/geoserver/geoserver/pull/8584",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/pull/8584"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOS-11852",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOS-11852"
            },
            {
              "name": "https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild"
            }
          ],
          "source": {
            "advisory": "GHSA-7qmg-grcp-qf25",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-52465",
        "datePublished": "2026-06-18T14:28:41.270Z",
        "dateReserved": "2025-06-17T02:28:39.716Z",
        "dateUpdated": "2026-06-24T03:56:00.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-27511 (GCVE-0-2025-27511)

    Vulnerability from cvelistv5 – Published: 2026-06-18 14:23 – Updated: 2026-06-24 03:56
    VLAI
    Title
    GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
    Summary
    GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27511",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:02.624Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "org.geoserver.extension:gs-db2",
              "vendor": "geoserver",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.27.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution (RCE). Version 2.27.0 fixes the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-18T14:23:01.788Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/geoserver/geoserver/security/advisories/GHSA-g628-r368-6vh7"
            },
            {
              "name": "https://github.com/geoserver/geoserver/releases/tag/2.27.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/geoserver/geoserver/releases/tag/2.27.0"
            },
            {
              "name": "https://nvd.nist.gov/vuln/detail/cve-2023-27867",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://nvd.nist.gov/vuln/detail/cve-2023-27867"
            },
            {
              "name": "https://osgeo-org.atlassian.net/browse/GEOT-7725",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://osgeo-org.atlassian.net/browse/GEOT-7725"
            }
          ],
          "source": {
            "advisory": "GHSA-g628-r368-6vh7",
            "discovery": "UNKNOWN"
          },
          "title": "GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-27511",
        "datePublished": "2026-06-18T14:23:01.788Z",
        "dateReserved": "2025-02-26T18:11:52.306Z",
        "dateUpdated": "2026-06-24T03:56:02.624Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45104 (GCVE-0-2026-45104)

    Vulnerability from cvelistv5 – Published: 2026-05-27 18:41 – Updated: 2026-06-01 17:08
    VLAI
    Title
    MapServer: NULL pointer dereference in SLD `<ElseFilter>` rule parsing reachable via WMS `SLD_BODY`
    Summary
    MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any <Rule> carrying <ElseFilter/> — it assumes msSLDParseRule added one class. When the rule has no symbolizer (a structurally valid SLD), msSLDParseRule adds zero, and _SLDApplyRuleValues ends up indexing _class[-1], resulting in a NULL pointer dereference. A 200-byte well-formed SLD via the WMS SLD_BODY= parameter is enough to trigger this, no auth required. This vulnerability is fixed in 8.6.3.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper Validation of Array Index
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    MapServer MapServer Affected: >= 6.4.0, < 8.6.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45104",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-01T17:05:19.453049Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-01T17:08:18.608Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MapServer",
              "vendor": "MapServer",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 6.4.0, \u003c 8.6.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any \u003cRule\u003e carrying \u003cElseFilter/\u003e \u2014 it assumes msSLDParseRule added one class. When the rule has no symbolizer (a structurally valid SLD), msSLDParseRule adds zero, and _SLDApplyRuleValues ends up indexing _class[-1], resulting in a NULL pointer dereference. A 200-byte well-formed SLD via the WMS SLD_BODY= parameter is enough to trigger this, no auth required. This vulnerability is fixed in 8.6.3."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129: Improper Validation of Array Index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476: NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T18:41:39.396Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/MapServer/MapServer/security/advisories/GHSA-4h8g-378q-r75m",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/MapServer/MapServer/security/advisories/GHSA-4h8g-378q-r75m"
            }
          ],
          "source": {
            "advisory": "GHSA-4h8g-378q-r75m",
            "discovery": "UNKNOWN"
          },
          "title": "MapServer: NULL pointer dereference in SLD `\u003cElseFilter\u003e` rule parsing reachable via WMS `SLD_BODY`"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45104",
        "datePublished": "2026-05-27T18:41:39.396Z",
        "dateReserved": "2026-05-08T19:27:26.699Z",
        "dateUpdated": "2026-06-01T17:08:18.608Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49014 (GCVE-0-2026-49014)

    Vulnerability from cvelistv5 – Published: 2026-05-27 01:39 – Updated: 2026-05-27 13:52
    VLAI
    Summary
    In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This is in frmts/netcdf/netcdfsg.cpp.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    GDAL GDAL Affected: 3.1.0 , ≤ 3.13.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49014",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-27T13:51:40.806763Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T13:52:05.905Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/OSGeo/gdal/issues/14594"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "GDAL",
              "vendor": "GDAL",
              "versions": [
                {
                  "lessThanOrEqual": "3.13.0",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:gdal:gdal:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "3.13.0",
                      "versionStartIncluding": "3.1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This is in frmts/netcdf/netcdfsg.cpp."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T01:39:18.976Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/OSGeo/gdal/issues/14594"
            }
          ],
          "x_generator": {
            "engine": "CVE-Request-form 0.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2026-49014",
        "datePublished": "2026-05-27T01:39:18.976Z",
        "dateReserved": "2026-05-27T01:39:18.239Z",
        "dateUpdated": "2026-05-27T13:52:05.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8213 (GCVE-0-2026-8213)

    Vulnerability from cvelistv5 – Published: 2026-05-09 23:00 – Updated: 2026-05-11 17:31 X_Open Source
    VLAI
    Title
    OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow
    Summary
    A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OSGeo gdal Affected: 3.13.0dev-4
    Unaffected: 3.13.0RC1
        cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    biniam (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8213",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T16:00:54.149327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T17:31:56.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Grid File Handler"
              ],
              "product": "gdal",
              "vendor": "OSGeo",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13.0dev-4"
                },
                {
                  "status": "unaffected",
                  "version": "3.13.0RC1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "biniam (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 3.13.0RC1 can resolve this issue. The identifier of the patch is 3e04c0385630e4d42517046d9a4967dfccfeb7fd. It is suggested to upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T23:00:17.283Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-362430 | OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/362430"
            },
            {
              "name": "VDB-362430 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/362430/cti"
            },
            {
              "name": "Submit #808128 | OSGeo GDAL 3.13.0dev Out-of-Bounds Read",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/808128"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/OSGeo/gdal/issues/14399"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/biniamf/pocs/tree/main/gdal-gdsdfldsrch_oob-read"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/OSGeo/gdal/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-09T09:14:34.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8213",
        "datePublished": "2026-05-09T23:00:17.283Z",
        "dateReserved": "2026-05-09T07:09:26.613Z",
        "dateUpdated": "2026-05-11T17:31:56.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8212 (GCVE-0-2026-8212)

    Vulnerability from cvelistv5 – Published: 2026-05-09 22:30 – Updated: 2026-05-11 14:56 X_Open Source
    VLAI
    Title
    OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow
    Summary
    A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OSGeo gdal Affected: 3.13.0dev-4
    Unaffected: 3.13.0RC1
        cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    biniam (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8212",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T14:56:25.255773Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T14:56:32.914Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*"
              ],
              "product": "gdal",
              "vendor": "OSGeo",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13.0dev-4"
                },
                {
                  "status": "unaffected",
                  "version": "3.13.0RC1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "biniam (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-09T22:30:12.527Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-362429 | OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/362429"
            },
            {
              "name": "VDB-362429 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/362429/cti"
            },
            {
              "name": "Submit #808127 | OSGeo GDAL 3.13.0dev Out-of-Bounds Read",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/808127"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/OSGeo/gdal/issues/14398"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/biniamf/pocs/tree/main/gdal-swsdfldsrch_oob-read"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/commit/3e04c0385630e4d42517046d9a4967dfccfeb7fd"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/OSGeo/gdal/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-09T09:14:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8212",
        "datePublished": "2026-05-09T22:30:12.527Z",
        "dateReserved": "2026-05-09T07:09:13.290Z",
        "dateUpdated": "2026-05-11T14:56:32.914Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42030 (GCVE-0-2026-42030)

    Vulnerability from cvelistv5 – Published: 2026-05-08 15:56 – Updated: 2026-05-08 21:26
    VLAI
    Title
    MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer
    Summary
    MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The vulnerability is triggered via FORMAT=application/openlayers combined with an unsanitized SRS parameter in WMS 1.3.0 requests. This issue has been patched in version 8.6.2.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    MapServer MapServer Affected: >= 6.0, < 8.6.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42030",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T17:12:03.204167Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T21:26:45.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/MapServer/MapServer/security/advisories/GHSA-4g9f-ph64-hg2x"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MapServer",
              "vendor": "MapServer",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 6.0, \u003c 8.6.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer\u0027s WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The vulnerability is triggered via FORMAT=application/openlayers combined with an unsanitized SRS parameter in WMS 1.3.0 requests. This issue has been patched in version 8.6.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-08T15:56:48.553Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/MapServer/MapServer/security/advisories/GHSA-4g9f-ph64-hg2x",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/MapServer/MapServer/security/advisories/GHSA-4g9f-ph64-hg2x"
            },
            {
              "name": "https://github.com/MapServer/MapServer/releases/tag/rel-8-6-2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/MapServer/MapServer/releases/tag/rel-8-6-2"
            }
          ],
          "source": {
            "advisory": "GHSA-4g9f-ph64-hg2x",
            "discovery": "UNKNOWN"
          },
          "title": "MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-42030",
        "datePublished": "2026-05-08T15:56:48.553Z",
        "dateReserved": "2026-04-23T16:05:01.708Z",
        "dateUpdated": "2026-05-08T21:26:45.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8088 (GCVE-0-2026-8088)

    Vulnerability from cvelistv5 – Published: 2026-05-07 19:30 – Updated: 2026-05-08 21:30 X_Open Source
    VLAI
    Title
    OSGeo gdal GDapi.c GDfieldinfo out-of-bounds
    Summary
    A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.13.0RC1 is sufficient to fix this issue. This patch is called a791f70f8eaec540974ec989ca6fb00266b7646c. The affected component should be upgraded.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OSGeo gdal Affected: 3.13.0dev-4
    Unaffected: 3.13.0RC1
        cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    biniam (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8088",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T14:37:33.333221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T21:30:21.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*"
              ],
              "product": "gdal",
              "vendor": "OSGeo",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13.0dev-4"
                },
                {
                  "status": "unaffected",
                  "version": "3.13.0RC1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "biniam (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.13.0RC1 is sufficient to fix this issue. This patch is called a791f70f8eaec540974ec989ca6fb00266b7646c. The affected component should be upgraded."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-Bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:30:11.704Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-361841 | OSGeo gdal GDapi.c GDfieldinfo out-of-bounds",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/361841"
            },
            {
              "name": "VDB-361841 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/361841/cti"
            },
            {
              "name": "Submit #808040 | OSGeo GDAL 3.13.0dev Out-of-Bounds Read",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/808040"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/OSGeo/gdal/issues/14379"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/biniamf/pocs/tree/main/gdal-gdapi-gdfinfo-dimlist-oob-read"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/OSGeo/gdal/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-07T14:39:38.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "OSGeo gdal GDapi.c GDfieldinfo out-of-bounds"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8088",
        "datePublished": "2026-05-07T19:30:11.704Z",
        "dateReserved": "2026-05-07T12:34:26.732Z",
        "dateUpdated": "2026-05-08T21:30:21.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8087 (GCVE-0-2026-8087)

    Vulnerability from cvelistv5 – Published: 2026-05-07 19:00 – Updated: 2026-05-08 14:18 X_Open Source
    VLAI
    Title
    OSGeo gdal GDapi.c GDnentries heap-based overflow
    Summary
    A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.13.0RC1 is recommended to address this issue. The patch is named 184f77dbcc74118c062c05e464c88161d3c37b9b. You should upgrade the affected component.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OSGeo gdal Affected: 3.13.0dev-4
    Unaffected: 3.13.0RC1
        cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    biniam (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8087",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T14:17:56.094820Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T14:18:03.410Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*"
              ],
              "product": "gdal",
              "vendor": "OSGeo",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13.0dev-4"
                },
                {
                  "status": "unaffected",
                  "version": "3.13.0RC1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "biniam (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.13.0RC1 is recommended to address this issue. The patch is named 184f77dbcc74118c062c05e464c88161d3c37b9b. You should upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T19:00:15.040Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-361840 | OSGeo gdal GDapi.c GDnentries heap-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/361840"
            },
            {
              "name": "VDB-361840 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/361840/cti"
            },
            {
              "name": "Submit #808039 | OSGeo GDAL 3.13.0dev Heap-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/808039"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/OSGeo/gdal/issues/14363"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/biniamf/pocs/tree/main/gdal-gdinqfields_bof"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/commit/184f77dbcc74118c062c05e464c88161d3c37b9b"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/OSGeo/gdal/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-07T14:39:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "OSGeo gdal GDapi.c GDnentries heap-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8087",
        "datePublished": "2026-05-07T19:00:15.040Z",
        "dateReserved": "2026-05-07T12:34:23.855Z",
        "dateUpdated": "2026-05-08T14:18:03.410Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8086 (GCVE-0-2026-8086)

    Vulnerability from cvelistv5 – Published: 2026-05-07 18:45 – Updated: 2026-05-07 19:53 X_Open Source
    VLAI
    Title
    OSGeo gdal SWapi.c SWnentries heap-based overflow
    Summary
    A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OSGeo gdal Affected: 3.13.0dev-4
    Unaffected: 3.12.4RC1
        cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    biniam (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8086",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-07T19:50:27.573162Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-07T19:53:07.538Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/808038"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/OSGeo/gdal/issues/14356"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*"
              ],
              "product": "gdal",
              "vendor": "OSGeo",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13.0dev-4"
                },
                {
                  "status": "unaffected",
                  "version": "3.12.4RC1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "biniam (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.3,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T18:45:13.165Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-361839 | OSGeo gdal SWapi.c SWnentries heap-based overflow",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/361839"
            },
            {
              "name": "VDB-361839 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/361839/cti"
            },
            {
              "name": "Submit #808038 | OSGeo GDAL 3.13.0dev Heap-based Buffer Overflow",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/808038"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/OSGeo/gdal/issues/14356"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/pull/14361"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/biniamf/pocs/tree/main/gdal-swinqdims_bof"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/commit/9491e794f1757f08063ea2f7a274ad2994afa636"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/releases/tag/v3.12.4RC1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/OSGeo/gdal/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-07T14:39:32.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "OSGeo gdal SWapi.c SWnentries heap-based overflow"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8086",
        "datePublished": "2026-05-07T18:45:13.165Z",
        "dateReserved": "2026-05-07T12:34:19.931Z",
        "dateUpdated": "2026-05-07T19:53:07.538Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8084 (GCVE-0-2026-8084)

    Vulnerability from cvelistv5 – Published: 2026-05-07 18:30 – Updated: 2026-05-08 22:53 X_Open Source
    VLAI
    Title
    OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds
    Summary
    A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    OSGeo gdal Affected: 3.13.0dev-4
    Unaffected: 3.13.0RC1
        cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    biniam (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8084",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-08T22:53:31.548814Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-08T22:53:55.692Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:osgeo:gdal:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "HDF-EOS Grid File Handler"
              ],
              "product": "gdal",
              "vendor": "OSGeo",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.13.0dev-4"
                },
                {
                  "status": "unaffected",
                  "version": "3.13.0RC1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "biniam (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 1.7,
                "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-Bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "Memory Corruption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T18:30:13.275Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-361838 | OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/361838"
            },
            {
              "name": "VDB-361838 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/361838/cti"
            },
            {
              "name": "Submit #808034 | OSGeo GDAL 3.13.0dev Out-of-Bounds Read",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/808034"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/biniamf/pocs/tree/main/gdal_swfinfo_dimlist_oob-rw"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/OSGeo/gdal/issues/14378"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/biniamf/pocs/blob/main/gdal_swfinfo_dimlist_oob-rw"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/commit/a791f70f8eaec540974ec989ca6fb00266b7646c"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/releases/tag/v3.13.0RC1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/OSGeo/gdal/"
            }
          ],
          "tags": [
            "x_open-source"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-05-07T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-05-07T14:26:35.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-8084",
        "datePublished": "2026-05-07T18:30:13.275Z",
        "dateReserved": "2026-05-07T12:21:31.524Z",
        "dateUpdated": "2026-05-08T22:53:55.692Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33721 (GCVE-0-2026-33721)

    Vulnerability from cvelistv5 – Published: 2026-03-27 00:15 – Updated: 2026-04-17 17:18
    VLAI
    Title
    MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing
    Summary
    MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MapServer MapServer Affected: >= 4.2, < 8.6.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33721",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-30T11:51:50.279171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-30T11:52:01.621Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2026-04-17T17:18:03.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00017.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MapServer",
              "vendor": "MapServer",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 4.2, \u003c 8.6.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer\u2019s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-27T00:15:00.360Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/MapServer/MapServer/security/advisories/GHSA-cv4m-mr84-fgjp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/MapServer/MapServer/security/advisories/GHSA-cv4m-mr84-fgjp"
            },
            {
              "name": "https://github.com/MapServer/MapServer/releases/tag/rel-8-6-1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/MapServer/MapServer/releases/tag/rel-8-6-1"
            }
          ],
          "source": {
            "advisory": "GHSA-cv4m-mr84-fgjp",
            "discovery": "UNKNOWN"
          },
          "title": "MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-33721",
        "datePublished": "2026-03-27T00:15:00.360Z",
        "dateReserved": "2026-03-23T17:34:57.559Z",
        "dateUpdated": "2026-04-17T17:18:03.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-4738 (GCVE-0-2026-4738)

    Vulnerability from cvelistv5 – Published: 2026-03-24 03:18 – Updated: 2026-03-24 14:35
    VLAI
    Title
    GDAL Bundled zlib (inftree9.c) Pointer Offset Optimization Undefined Behavior Allows Heap Corruption or Remote Code Execution
    Summary
    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C‎. This issue affects gdal: before 3.11.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    Impacted products
    Vendor Product Version
    OSGeo gdal Affected: 0 , < 3.11.0 (git)
    Create a notification for this product.
    Credits
    TITAN Team (titancaproject@gmail.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-4738",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-24T14:35:17.590340Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-24T14:35:23.904Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/OSGeo/gdal",
              "defaultStatus": "affected",
              "modules": [
                "frmts/zlib/contrib/infback9"
              ],
              "product": "gdal",
              "programFiles": [
                "inftree9.c\u200e"
              ],
              "vendor": "OSGeo",
              "versions": [
                {
                  "lessThan": "3.11.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "git"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "TITAN Team (titancaproject@gmail.com)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules).\u003cp\u003e This vulnerability is associated with program files inftree9.C\u200e.\u003c/p\u003e\u003cp\u003eThis issue affects gdal: before 3.11.0.\u003c/p\u003e"
                }
              ],
              "value": "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C\u200e.\n\nThis issue affects gdal: before 3.11.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "USER",
                "Safety": "PRESENT",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.4,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "ATTACKED",
                "privilegesRequired": "NONE",
                "providerUrgency": "AMBER",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "valueDensity": "CONCENTRATED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/S:P/AU:Y/R:U/V:C/RE:L/U:Amber",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "LOW"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-24T03:18:10.245Z",
            "orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
            "shortName": "GovTech CSG"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/OSGeo/gdal/pull/12244"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "GDAL Bundled zlib (inftree9.c) Pointer Offset Optimization Undefined Behavior Allows Heap Corruption or Remote Code Execution",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd",
        "assignerShortName": "GovTech CSG",
        "cveId": "CVE-2026-4738",
        "datePublished": "2026-03-24T03:18:10.245Z",
        "dateReserved": "2026-03-24T03:17:53.186Z",
        "dateUpdated": "2026-03-24T14:35:23.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-50899 (GCVE-0-2022-50899)

    Vulnerability from cvelistv5 – Published: 2026-01-13 22:51 – Updated: 2026-05-14 02:07
    VLAI
    Title
    Geonetwork 4.2.0 - XML External Entity (XXE)
    Summary
    Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files through the baseURL parameter in PDF creation requests.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-611 - Improper Restriction of XML External Entity Reference
    Assigner
    Impacted products
    Vendor Product Version
    GeoNetwork GeoNetwork Affected: 3.10 , ≤ 4.2.0 (custom)
    Create a notification for this product.
    Date Public
    2022-07-29 00:00
    Credits
    Amel BOUZIANE-LEBLOND
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-50899",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-14T15:52:28.159438Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-14T19:20:51.974Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GeoNetwork",
              "vendor": "GeoNetwork",
              "versions": [
                {
                  "lessThanOrEqual": "4.2.0",
                  "status": "affected",
                  "version": "3.10",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:osgeo:geonetwork:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "4.2.0",
                      "versionStartIncluding": "3.10",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Amel BOUZIANE-LEBLOND"
            }
          ],
          "datePublic": "2022-07-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files through the baseURL parameter in PDF creation requests."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-611",
                  "description": "Improper Restriction of XML External Entity Reference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-14T02:07:00.169Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-50982",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/50982"
            },
            {
              "name": "GeoNetwork Official Homepage",
              "tags": [
                "product"
              ],
              "url": "https://geonetwork-opensource.org/"
            },
            {
              "name": "VulnCheck Advisory: Geonetwork 4.2.0 - XML External Entity (XXE)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/geonetwork-xml-external-entity-xxe"
            }
          ],
          "title": "Geonetwork 4.2.0 - XML External Entity (XXE)",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2022-50899",
        "datePublished": "2026-01-13T22:51:45.416Z",
        "dateReserved": "2026-01-10T15:05:18.988Z",
        "dateUpdated": "2026-05-14T02:07:00.169Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }