CVE-2026-30479 | OSGeo MapServer up to 7.x injection

VDB-356639 · CVE-2026-30479 · GCVE-0-2026-30479 OSGEO MAPSERVER UP TO 7.X INJECTION HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 5.3 $0-$5k 1.05+ Summaryinfo A vulnerability has been found in OSGeo MapServer up to 7.x and classified as critical. This affects an unknown function. The manipulation leads to injection. This vulnerability is traded as CVE-2026-30479. There is no exploit available. The affected component should be upgraded. Detailsinfo A vulnerability was found in OSGeo MapServer up to 7.x and classified as critical. This issue affects an unknown part. The manipulation with an unknown input leads to a injection vulnerability. Using CWE to declare the problem leads to CWE-74. The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. Impacted is confidentiality, integrity, and availability. The summary by CVE is: A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable. The identification of this vulnerability is CVE-2026-30479 since 03/04/2026. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1055 according to MITRE ATT&CK. Upgrading to version 8.0 eliminates this vulnerability. Productinfo Vendor OSGeo Name MapServer Version 7.x CPE 2.3info 🔒 CPE 2.2info 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 5.5 VulDB Meta Temp Score: 5.3 VulDB Base Score: 5.5 VulDB Temp Score: 5.3 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Injection CWE: CWE-74 / CWE-707 / CWE-20 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: MapServer 8.0 Timelineinfo 03/04/2026 CVE reserved 04/09/2026 +35 days Advisory disclosed 04/09/2026 +0 days VulDB entry created 04/09/2026 +0 days VulDB entry last update Sourcesinfo Status: Confirmed CVE: CVE-2026-30479 (🔒) GCVE (CVE): GCVE-0-2026-30479 GCVE (VulDB): GCVE-100-356639 Entryinfo Created: 04/09/2026 19:54 Changes: 04/09/2026 19:54 (53) Complete: 🔍 Cache ID: 99:5D4:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸