CVE-2026-42352

Published: Mag 09, 2026 Last Modified: Mag 09, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,6

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: changed

Confidentiality: high

Integrity: none

Availability: none

Description

AI Translation Available

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to requests to internal HTTP services. This issue has been patched in version 0.23.3.

918

Server-Side Request Forgery (SSRF)

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control

Potential Impacts:

Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

View CWE Details

https://github.com/geopython/pygeoapi/commit/3a63f5b0cc6275…

https://github.com/geopython/pygeoapi/commit/3a63f5b0cc6275e3ae0edb47726b13a43c…

https://github.com/geopython/pygeoapi/releases/tag/0.23.3

https://github.com/geopython/pygeoapi/security/advisories/G…

https://github.com/geopython/pygeoapi/security/advisories/GHSA-jgvc-94c8-3chc

CVE-2026-42352

Description

Server-Side Request Forgery (SSRF)

Common Consequences

Applicable Platforms

Iscriviti alla newsletter