Vulnerabilities ›

CVE-2026-8086

Medium

CWE-119 — Weakness Type

                    Published: May 7, 2026                      ·  Modified: May 7, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.

🤖 AI Executive Summary

A heap-based buffer overflow vulnerability exists in OSGeo GDAL versions up to 3.13.0dev-4 in the SWnentries function when processing malformed DimensionName arguments. Local attackers can exploit this publicly disclosed vulnerability to cause denial of service or potentially execute arbitrary code.

📄 Description (Arabic)

تؤثر هذه الثغرة على دالة SWnentries في ملف frmts/hdf4/hdf-eos/SWapi.c بمكتبة OSGeo GDAL. يمكن للمهاجمين المحليين استغلال معالجة معاملات DimensionName المشوهة لتجاوز حدود المخزن المؤقت في الذاكرة. الاستغلال متاح علناً وقد يتم استخدامه من قبل الجهات الفاعلة الضارة.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 05:04

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government energy telecom

🎯 MITRE ATT&CK Techniques

T1190 T1068

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade OSGeo GDAL to version 3.12.4RC1 or later immediately. Apply patch 9491e794f1757f08063ea2f7a274ad2994afa636. Restrict local access to systems running vulnerable GDAL versions. Monitor for suspicious file processing activities involving HDF4 datasets.

🔧 خطوات المعالجة (العربية)

قم بترقية مكتبة OSGeo GDAL إلى الإصدار 3.12.4RC1 أو أحدث فوراً. طبق التصحيح 9491e794f1757f08063ea2f7a274ad2994afa636. قيد الوصول المحلي للأنظمة التي تشغل إصدارات GDAL المعرضة للخطر. راقب الأنشطة المريبة المتعلقة بمعالجة ملفات HDF4.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.IP-12

🟡 ISO 27001:2022

27001:A.12.6.1 27001:A.14.2.1

🔗 References & Sources 9

🔗

https://github.com/OSGeo/gdal/

cna@vuldb.com

🔗

https://github.com/OSGeo/gdal/commit/9491e794f1757f08063ea2f7a274ad2994afa636

cna@vuldb.com

🔗

https://github.com/OSGeo/gdal/issues/14356

cna@vuldb.com

🔗

https://github.com/OSGeo/gdal/pull/14361

cna@vuldb.com

🔗

https://github.com/OSGeo/gdal/releases/tag/v3.12.4RC1

cna@vuldb.com

🔗

https://github.com/biniamf/pocs/tree/main/gdal-swinqdims_bof

cna@vuldb.com

🔗

https://vuldb.com/submit/808038

cna@vuldb.com

🔗

https://vuldb.com/vuln/361839

cna@vuldb.com

🔗

https://vuldb.com/vuln/361839/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-119

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-05-07

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-8086

💬 Comments

Introduce Yourself

Sign In Required