CVE-2026-42351 - pygeoapi: Path Traversal in STAC FileSystemProvider
CVE ID :CVE-2026-42351 Published : May 8, 2026, 10:31 p.m. | 32 minutes ago Description :pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvid
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] AI Is Breaking Two Vulnerability Cultures — And Vibe Coders Are About to Get Caught in the Middle
- [CYBER] Why AI agent governance feels harder than traditional security models
- [CYBER] Seclens: Role-specific Evaluation of LLM's for security vulnerablity detection
- [CYBER] CVE-2026-42307 - Vim: OS Command Injection in netrw
- [CYBER] CVE-2026-42350 - Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter
- [CYBER] CVE-2026-42352 - pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber