CVE-2026-42352

high

Description

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to requests to internal HTTP services. This issue has been patched in version 0.23.3.

References

https://github.com/geopython/pygeoapi/security/advisories/GHSA-jgvc-94c8-3chc

https://github.com/geopython/pygeoapi/releases/tag/0.23.3

https://github.com/geopython/pygeoapi/commit/3a63f5b0cc6275e3ae0edb47726b13a43cdd90ef

Details

Source: Mitre, NVD

Published: 2026-05-08

Updated: 2026-05-12

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 8.6

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00045