What is CVE-2026-49344?

CVE-2026-49344 is a vulnerability in Sourcentis Mercator, classified under Exposure of Private Personal Information to an Unauthorized Actor. Published 2026-06-19.

Is CVE-2026-49344 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Sourcentis Mercator

CVE-2026-49344

Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine (`/admin/queries/execute`) accepts a JSON DSL (`from` / `select` / `filters` / `traverse` / `ou…

Affected products

Sourcentis Mercator — versions < 2025.05.19

Weakness classification (CWE)

CWE-359 — Exposure of Private Personal Information to an Unauthorized Actor

Public proof-of-concept exploits

hadhub/CVE-2026-49344-Mercator-JSON-DSL

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-49344?: CVE-2026-49344 is a vulnerability in Sourcentis Mercator, classified under Exposure of Private Personal Information to an Unauthorized Actor. Published 2026-06-19.
Is CVE-2026-49344 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.