Vulnerabilities

Report: CVE-2026-42352 - pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber

2026-05-09 0 views admin

CVE ID :CVE-2026-42352 Published : May 8, 2026, 11:16 p.m. | 24 minutes ago Description :pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to requests to internal HTTP services. This issue has been patched in version 0.23.3. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-42352

Severity

HIGH

Published

May 8, 2026

Affected Product: Python

🏷️ Tags

report42352pygeoapiunauthenticatedprocessessubscriberpublishedminutescvecve-2026-42352

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-42352 - pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-44313 - LinkWarden: Server-Side Request Forgery (SSRF) in Link Creation via fetchTitleAn

Report: CVE-2026-42455 - LinkWarden: Stored XSS via Client-Side Archive Upload (Unsanitized HTML served f

Report: CVE-2026-6664 - PgBouncer integer overflow in PgBouncer network packet parsing - Complete Guide

Report: CVE-2026-41705 - Spring AI MilvusVectorStore Filter Expression Injection

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting