<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-08T18:30:37.301087+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bf92b4da-13ad-4f1c-b1c4-d12c139f733b/export</id>
    <title>bf92b4da-13ad-4f1c-b1c4-d12c139f733b</title>
    <updated>2026-06-08T18:30:37.651759+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "bf92b4da-13ad-4f1c-b1c4-d12c139f733b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "PYSEC-2026-61", "type": "seen", "source": "https://gist.github.com/alon710/56fac469b83d68f32bede1d2945e0063", "content": "# CVE-2026-39922: CVE-2026-39922: Server-Side Request Forgery in GeoNode Service Registration Endpoint\n\n&amp;gt; **CVSS Score:** 6.3\n&amp;gt; **Published:** 2026-06-08\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-39922\n\n## Summary\nGeoNode versions prior to 4.4.5 and 5.0.2 are vulnerable to Server-Side Request Forgery (SSRF) in the service registration endpoint. Authenticated attackers with low privileges can exploit insufficient input validation in the Web Map Service (WMS) registration module to force the application server to make outbound network queries to loopback addresses, private RFC1918 subnets, link-local scopes, and cloud metadata endpoints. This technical report details the mechanics of the vulnerability, the underlying architectural flaw, and how to effectively remediate and mitigate the associated security risks.\n\n## TL;DR\nAuthenticated attackers can exploit a Server-Side Request Forgery (SSRF) flaw in GeoNode's service registration workflow to probe internal networks, port scan local services, and query cloud metadata endpoints by supplying crafted service URLs.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-918 (Server-Side Request Forgery)\n- **Attack Vector**: Network (AV:N)\n- **CVSS v3.1 Base Score**: 6.3 (Medium)\n- **EPSS Score**: 0.00044\n- **Impact**: Internal Port Scanning, Cloud Metadata Extraction, and Subnet Reconnaissance\n- **Exploit Status**: Proof of Concept (PoC) documented\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- GeoNode 4.0.0 through 4.4.4\n- GeoNode 5.0.0 through 5.0.1\n- **GeoNode**: &amp;gt;= 4.0.0, &amp;lt; 4.4.5 (Fixed in: `4.4.5`)\n- **GeoNode**: &amp;gt;= 5.0.0, &amp;lt; 5.0.2 (Fixed in: `5.0.2`)\n\n## Mitigation\n\n- Upgrade GeoNode to version 4.4.5, 5.0.2, or subsequent releases\n- Implement outbound network egress firewall rules to block private, loopback, and link-local ranges\n- Enforce AWS Instance Metadata Service Version 2 (IMDSv2) with hop limit configuration\n- Restrict remote service registration permissions within GeoNode to trusted administrators\n\n**Remediation Steps:**\n1. Verify the current installed version of GeoNode within the target deployment\n2. Update the Python environment or container images to target version 4.4.5 or 5.0.2\n3. Configure network firewall configurations to explicitly drop traffic from the application server directed to 127.0.0.1, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, and 169.254.169.254\n4. Restrict user capabilities for service registration in the Django administration panel\n\n## References\n\n- [GeoNode Security Advisory GHSA-hw9r-6m78-w6h3](https://github.com/GeoNode/geonode/security/advisories/GHSA-hw9r-6m78-w6h3)\n- [VulnCheck Security Advisory](https://www.vulncheck.com/advisories/geonode-ssrf-via-service-registration)\n- [PyPA Advisory Database Record](https://github.com/pypa/advisory-database/tree/main/vulns/geonode/PYSEC-2026-61.yaml)\n- [NVD CVE-2026-39922 Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-39922)\n- [CVE Org Database Entry](https://www.cve.org/CVERecord?id=CVE-2026-39922)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-39922) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-08T15:11:10.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bf92b4da-13ad-4f1c-b1c4-d12c139f733b/export"/>
    <published>2026-06-08T15:11:10+00:00</published>
  </entry>
</feed>
