RCE in Camptocamp Mapfish_print
CVE-2026-44672
mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. T…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.001 (27.6th percentile) — read the EPSS interpretation.
Affected products
- Camptocamp Mapfish_print — versions >= 3.23.0, < 3.28.28, >= 3.29.0, < 3.30.30, >= 3.31.0, < 3.31.21
- Mapfish Mapfish-print — versions >= 3.23.0, < 3.28.28, >= 3.29.0, < 3.30.30, >= 3.31.0, < 3.31.21
- Org.mapfish Print.print-lib — versions >= 3.23.0, < 3.28.28, >= 3.29.0, < 3.30.30, >= 3.31.0, < 3.31.21
- Org.mapfish Print.print-servlet — versions >= 3.23.0, < 3.28.28, >= 3.29.0, < 3.30.30, >= 3.31.0, < 3.31.21
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)