What is CVE-2026-42352?

CVE-2026-42352 is a high-severity vulnerability in Geopython Pygeoapi, classified under Server-Side Request Forgery (SSRF). CVSS score: 8.6/10. Published 2026-05-08.

How severe is CVE-2026-42352?

High severity. CVSS v3 base score is 8.6 out of 10.

SSRF in Geopython Pygeoapi

CVE-2026-42352

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to requests to internal HTTP services. This issue…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.000 (6.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N.

Affected products

Geopython Pygeoapi — versions >= 0.23.0, < 0.23.3

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-42352?: CVE-2026-42352 is a high-severity vulnerability in Geopython Pygeoapi, classified under Server-Side Request Forgery (SSRF). CVSS score: 8.6/10. Published 2026-05-08.
How severe is CVE-2026-42352?: High severity. CVSS v3 base score is 8.6 out of 10.