Description
A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable.
Published: 2026-04-09
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

This vulnerability is a DLL injection that allows an attacker to supply a crafted executable to MapServer, causing it to load malicious DLLs and execute arbitrary code. The flaw is based on common weaknesses in handling dynamic libraries and can lead to full compromise of the system running the service, including confidentiality, integrity, and availability of all hosted data.

Affected Systems

The OSGeo Project MapServer, in all releases prior to version 8.0, is affected. No specific patch level is listed, so all pre‑8.0 releases should be treated as vulnerable.

Risk and Exploitability

The CVSS score of 9.1 indicates a high severity issue, and the EPSS score of less than 1% suggests that exploitation is currently unlikely but still possible. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a crafted executable supplied to the vulnerable MapServer instance; based on the description, it is inferred that an attacker who can influence the executable files processed by the server can achieve code execution with the privileges of the MapServer process.

Generated by OpenCVE AI on April 15, 2026 at 19:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest MapServer release (v8.0 or newer).
  • If upgrading is not immediately possible, disable the ability to load external DLLs or restrict access to the executable upload paths.
  • Monitor the system for abnormal executable activity or DLL loading events.

Generated by OpenCVE AI on April 15, 2026 at 19:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Title DLL Injection in MapServer Pre-8.0 Enabling Arbitrary Code Execution

Wed, 15 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Title MapServer DLL Injection Allows Arbitrary Code Execution on Versions Prior to 8.0
Weaknesses CWE-73
CWE-78

Tue, 14 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
Title MapServer DLL Injection Allows Arbitrary Code Execution on Versions Prior to 8.0
Weaknesses CWE-73
CWE-78

Fri, 10 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Mapserver
Mapserver mapserver
Vendors & Products Mapserver
Mapserver mapserver

Thu, 09 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable.
References

Subscriptions

Mapserver Mapserver
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T16:35:23.231Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30479

cve-icon Vulnrichment

Updated: 2026-04-14T14:54:12.018Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-09T17:16:24.730

Modified: 2026-04-14T17:16:49.510

Link: CVE-2026-30479

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T19:45:12Z

Weaknesses