CVE-2026-42352 - pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber
CVE ID :CVE-2026-42352 Published : May 8, 2026, 10:31 p.m. | 32 minutes ago Description :pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to requests to
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] AI Is Breaking Two Vulnerability Cultures — And Vibe Coders Are About to Get Caught in the Middle
- [CYBER] Why AI agent governance feels harder than traditional security models
- [CYBER] Seclens: Role-specific Evaluation of LLM's for security vulnerablity detection
- [CYBER] CVE-2026-42307 - Vim: OS Command Injection in netrw
- [CYBER] CVE-2026-42350 - Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter
- [CYBER] CVE-2026-42351 - pygeoapi: Path Traversal in STAC FileSystemProvider