mapfish-print: Remote Code Injection (RCE) in Dynamic table_CVE-2026-44672

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3.

AI Analysis

Remote Code Injection (RCE) vulnerability in Dynamic table, allowing arbitrary code execution without authentication

Basic Information

ID CVE-2026-44672

Source GitHub_M

Published May 28, 2026 at 14:35

Modified May 28, 2026 at 15:26

Affected Product

Vendor mapfish

Product mapfish-print

Version >= 3.23.0, < 3.28.28

Affected Versions mapfish mapfish-print >= 3.23.0, < 3.28.28
mapfish mapfish-print >= 3.29.0, < 3.30.30
mapfish mapfish-print >= 3.31.0, < 3.31.21
mapfish mapfish-print >= 3.32.0, < 3.33.14
mapfish mapfish-print >= 3.34.0, < 4.0.3
camptocamp mapfish_print >= 3.23.0, < 3.28.28
camptocamp mapfish_print >= 3.29.0, < 3.30.30
camptocamp mapfish_print >= 3.31.0, < 3.31.21
camptocamp mapfish_print >= 3.32.0, < 3.33.14
camptocamp mapfish_print >= 3.34.0, < 4.0.3
org.mapfish print.print-lib >= 3.23.0, < 3.28.28
org.mapfish print.print-lib >= 3.29.0, < 3.30.30
org.mapfish print.print-lib >= 3.31.0, < 3.31.21
org.mapfish print.print-lib >= 3.32.0, < 3.33.14
org.mapfish print.print-lib >= 3.34.0, < 4.0.3
org.mapfish print.print-servlet >= 3.23.0, < 3.28.28
org.mapfish print.print-servlet >= 3.29.0, < 3.30.30
org.mapfish print.print-servlet >= 3.31.0, < 3.31.21
org.mapfish print.print-servlet >= 3.32.0, < 3.33.14
org.mapfish print.print-servlet >= 3.34.0, < 4.0.3

CWE Classification

CWE-94

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor MapFish

Product mapfish-print

Version 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3

References

github.com /mapfish/mapfish-print/security/advisories/GHSA-q7m6-wpvf-mvwx

{
    "lastseen": "",
    "description": "mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code  in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3.",
    "published": "2026-05-28T14:35:29.378Z",
    "modified": "2026-05-28T15:26:01.990Z",
    "type": "cve",
    "title": "mapfish-print: Remote Code Injection (RCE) in Dynamic table",
    "source": "GitHub_M",
    "references": "https://github.com/mapfish/mapfish-print/security/advisories/GHSA-q7m6-wpvf-mvwx",
    "id": "CVE-2026-44672",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "mapfish mapfish-print >= 3.23.0, < 3.28.28\nmapfish mapfish-print >= 3.29.0, < 3.30.30\nmapfish mapfish-print >= 3.31.0, < 3.31.21\nmapfish mapfish-print >= 3.32.0, < 3.33.14\nmapfish mapfish-print >= 3.34.0, < 4.0.3\ncamptocamp mapfish_print >= 3.23.0, < 3.28.28\ncamptocamp mapfish_print >= 3.29.0, < 3.30.30\ncamptocamp mapfish_print >= 3.31.0, < 3.31.21\ncamptocamp mapfish_print >= 3.32.0, < 3.33.14\ncamptocamp mapfish_print >= 3.34.0, < 4.0.3\norg.mapfish print.print-lib >= 3.23.0, < 3.28.28\norg.mapfish print.print-lib >= 3.29.0, < 3.30.30\norg.mapfish print.print-lib >= 3.31.0, < 3.31.21\norg.mapfish print.print-lib >= 3.32.0, < 3.33.14\norg.mapfish print.print-lib >= 3.34.0, < 4.0.3\norg.mapfish print.print-servlet >= 3.23.0, < 3.28.28\norg.mapfish print.print-servlet >= 3.29.0, < 3.30.30\norg.mapfish print.print-servlet >= 3.31.0, < 3.31.21\norg.mapfish print.print-servlet >= 3.32.0, < 3.33.14\norg.mapfish print.print-servlet >= 3.34.0, < 4.0.3",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mapfish-print",
    "version": ">= 3.23.0, < 3.28.28",
    "vendor": "mapfish",
    "ai_description": "Remote Code Injection (RCE) vulnerability in Dynamic table, allowing arbitrary code execution without authentication",
    "ai_severity": "Critical",
    "ai_vendor": "MapFish",
    "ai_product": "mapfish-print",
    "ai_version": "3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3",
    "ai_score": 9.3
}