CVE-2026-8086

5.3 MEDIUM
Published: May 07, 2026 Modified: May 07, 2026
View on NVD

Description

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/OSGeo/gdal/
Source: cna@vuldb.com
https://github.com/OSGeo/gdal/commit/9491e794f1757f08063ea2f7a274ad2994afa636
Source: cna@vuldb.com
https://github.com/OSGeo/gdal/issues/14356
Source: cna@vuldb.com
https://github.com/OSGeo/gdal/pull/14361
Source: cna@vuldb.com
https://github.com/OSGeo/gdal/releases/tag/v3.12.4RC1
Source: cna@vuldb.com
https://github.com/biniamf/pocs/tree/main/gdal-swinqdims_bof
Source: cna@vuldb.com
https://vuldb.com/submit/808038
Source: cna@vuldb.com
https://vuldb.com/vuln/361839
Source: cna@vuldb.com
https://vuldb.com/vuln/361839/cti
Source: cna@vuldb.com

9 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.3 / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-119 CWE-122

Related CVEs

CVE-2026-8084 3.3
CVE-2026-8083 7.3
CVE-2026-44742 7.2
CVE-2026-44244 7.8
CVE-2026-44243 N/A