CVE-2026-44672

Published: May 28, 2026

Modified: May 28, 2026

PUBLISHED

Description

mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3.

Vendor	Product	Versions
mapfish	mapfish-print	affected `>= 3.23.0, < 3.28.28` affected `>= 3.29.0, < 3.30.30` affected `>= 3.31.0, < 3.31.21` affected `>= 3.32.0, < 3.33.14` affected `>= 3.34.0, < 4.0.3`
camptocamp	mapfish_print	affected `>= 3.23.0, < 3.28.28` affected `>= 3.29.0, < 3.30.30` affected `>= 3.31.0, < 3.31.21` affected `>= 3.32.0, < 3.33.14` affected `>= 3.34.0, < 4.0.3`
org.mapfish	print.print-lib	affected `>= 3.23.0, < 3.28.28` affected `>= 3.29.0, < 3.30.30` affected `>= 3.31.0, < 3.31.21` affected `>= 3.32.0, < 3.33.14` affected `>= 3.34.0, < 4.0.3`
org.mapfish	print.print-servlet	affected `>= 3.23.0, < 3.28.28` affected `>= 3.29.0, < 3.30.30` affected `>= 3.31.0, < 3.31.21` affected `>= 3.32.0, < 3.33.14` affected `>= 3.34.0, < 4.0.3`

Weaknesses (CWE)

CWE-94

References

https://github.com/mapfish/mapfish-print/security/advisories/GHSA-q7m6-wpvf-mvwx

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-44672

Description

Affected Products

Weaknesses (CWE)

References