CVE-2026-8086 - Vulnerability Analysis
MediumCVSS: 5.3Last Updated: May 8, 2026
OSGeo gdal - Buffer Overflow
Published: May 7, 2026Updated: May 8, 2026PoC Available
Overview
OSGeo gdal <= 3.13.0dev-4 contains a heap-based buffer overflow caused by manipulation of the "DimensionName" argument in SWnentries function of frmts/hdf4/hdf-eos/SWapi.c, letting local attackers cause memory corruption, exploit requires local access.
Severity & Score
Severity: Medium
CVSS Score: 5.3
Impact
Local attackers can cause memory corruption leading to potential code execution or denial of service.
Mitigation
Upgrade to version 3.12.4RC1 or later.
References
- https://github.com/OSGeo/gdal/
- https://github.com/OSGeo/gdal/commit/9491e794f1757f08063ea2f7a274ad2994afa636
- https://github.com/OSGeo/gdal/pull/14361
- https://vuldb.com/vuln/361839/cti
- https://github.com/OSGeo/gdal/issues/14356
- https://github.com/OSGeo/gdal/releases/tag/v3.12.4RC1
- https://github.com/biniamf/pocs/tree/main/gdal-swinqdims_bof
- https://vuldb.com/submit/808038
- https://vuldb.com/vuln/361839
Related Resources
Details
- CVE ID
- CVE-2026-8086
- Severity
- Medium
- CVSS Score
- 5.3
- Type
- buffer_overflow
- Status
- confirmed
CWE
- CWE-119
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L