{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30479", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-14T16:35:23.231Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-04-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-09T15:59:44.620Z"}, "descriptions": [{"lang": "en", "value": "A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://mapserver.org/index.html"}, {"url": "https://github.com/penjaminTester/Research/tree/main/CVE-2026-30479"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "references": [{"url": "https://github.com/penjaminTester/Research/tree/main/CVE-2026-30479", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T14:53:38.166328Z", "id": "CVE-2026-30479", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:35:23.231Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30479", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T14:53:38.166328Z"}}}], "references": [{"url": "https://github.com/penjaminTester/Research/tree/main/CVE-2026-30479", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T14:54:12.018Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://mapserver.org/index.html"}, {"url": "https://github.com/penjaminTester/Research/tree/main/CVE-2026-30479"}], "descriptions": [{"lang": "en", "value": "A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-09T15:59:44.620Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30479", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:35:23.231Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-09T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable."}], "id": "CVE-2026-30479", "lastModified": "2026-04-14T17:16:49.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-09T17:16:24.730", "references": [{"source": "cve@mitre.org", "url": "https://github.com/penjaminTester/Research/tree/main/CVE-2026-30479"}, {"source": "cve@mitre.org", "url": "https://mapserver.org/index.html"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/penjaminTester/Research/tree/main/CVE-2026-30479"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,8.0)"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "mapserver", "vendor": "mapserver"}], "analysis": {"en": {"generated_at": "2026-04-15T19:40:09.944203+00:00", "value": {"mitigation_remediation": ["Apply the latest MapServer release (v8.0 or newer).", "If upgrading is not immediately possible, disable the ability to load external DLLs or restrict access to the executable upload paths.", "Monitor the system for abnormal executable activity or DLL loading events."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The OSGeo Project MapServer, in all releases prior to version 8.0, is affected. No specific patch level is listed, so all pre\u20118.0 releases should be treated as vulnerable.", "description_and_impact": "This vulnerability is a DLL injection that allows an attacker to supply a crafted executable to MapServer, causing it to load malicious DLLs and execute arbitrary code. The flaw is based on common weaknesses in handling dynamic libraries and can lead to full compromise of the system running the service, including confidentiality, integrity, and availability of all hosted data.", "risk_and_exploitability": "The CVSS score of 9.1 indicates a high severity issue, and the EPSS score of less than 1% suggests that exploitation is currently unlikely but still possible. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a crafted executable supplied to the vulnerable MapServer instance; based on the description, it is inferred that an attacker who can influence the executable files processed by the server can achieve code execution with the privileges of the MapServer process."}}}}, "created": "2026-04-10T08:54:01.908682+00:00", "title": "DLL Injection in MapServer Pre-8.0 Enabling Arbitrary Code Execution", "updated": "2026-04-15T19:45:12.727040+00:00", "vendors": ["mapserver", "mapserver$PRODUCT$mapserver"]}