mapfish-print: Remote Code Injection (RCE) in Dynamic table
Summary
| CVE | CVE-2026-44672 |
|---|---|
| State | PUBLISHED |
| Assigner | GitHub_M |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-28 16:16:24 UTC |
| Updated | 2026-05-28 16:16:24 UTC |
| Description | mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3. |
Risk And Classification
Primary CVSS: v4.0 9.3 CRITICAL from [email protected]
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS: 0.000780000 probability, percentile 0.232470000 (date 2026-05-31)
Problem Types: CWE-94 | CWE-94 CWE-94: Improper Control of Generation of Code ('Code Injection')
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/C... |
| 4.0 | CNA | DECLARED | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
CVSS v4.0 Breakdown
Attack Vector
NetworkAttack Complexity
LowAttack Requirements
NonePrivileges Required
NoneUser Interaction
NoneConfidentiality
HighIntegrity
HighAvailability
HighSub Conf.
NoneSub Integrity
NoneSub Availability
NoneCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Mapfish | Mapfish-print | affected >= 3.23.0, < 3.28.28 | Not specified |
| CNA | Mapfish | Mapfish-print | affected >= 3.29.0, < 3.30.30 | Not specified |
| CNA | Mapfish | Mapfish-print | affected >= 3.31.0, < 3.31.21 | Not specified |
| CNA | Mapfish | Mapfish-print | affected >= 3.32.0, < 3.33.14 | Not specified |
| CNA | Mapfish | Mapfish-print | affected >= 3.34.0, < 4.0.3 | Not specified |
| CNA | Camptocamp | Mapfish Print | affected >= 3.23.0, < 3.28.28 | Not specified |
| CNA | Camptocamp | Mapfish Print | affected >= 3.29.0, < 3.30.30 | Not specified |
| CNA | Camptocamp | Mapfish Print | affected >= 3.31.0, < 3.31.21 | Not specified |
| CNA | Camptocamp | Mapfish Print | affected >= 3.32.0, < 3.33.14 | Not specified |
| CNA | Camptocamp | Mapfish Print | affected >= 3.34.0, < 4.0.3 | Not specified |
| CNA | Org.mapfish | Print.print-lib | affected >= 3.23.0, < 3.28.28 | Not specified |
| CNA | Org.mapfish | Print.print-lib | affected >= 3.29.0, < 3.30.30 | Not specified |
| CNA | Org.mapfish | Print.print-lib | affected >= 3.31.0, < 3.31.21 | Not specified |
| CNA | Org.mapfish | Print.print-lib | affected >= 3.32.0, < 3.33.14 | Not specified |
| CNA | Org.mapfish | Print.print-lib | affected >= 3.34.0, < 4.0.3 | Not specified |
| CNA | Org.mapfish | Print.print-servlet | affected >= 3.23.0, < 3.28.28 | Not specified |
| CNA | Org.mapfish | Print.print-servlet | affected >= 3.29.0, < 3.30.30 | Not specified |
| CNA | Org.mapfish | Print.print-servlet | affected >= 3.31.0, < 3.31.21 | Not specified |
| CNA | Org.mapfish | Print.print-servlet | affected >= 3.32.0, < 3.33.14 | Not specified |
| CNA | Org.mapfish | Print.print-servlet | affected >= 3.34.0, < 4.0.3 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/mapfish/mapfish-print/security/advisories/GHSA-q7m6-wpvf-mvwx | [email protected] | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.