PT-2026-36112 · Pypi · Pygeoapi

Elnimo-00 · Published 2026-04-29 · Updated 2026-05-09 · CVE-2026-42352

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

pygeoapi versions 0.23.0 through 0.23.2

Description

OGC API process execution requests can utilize the subscriber object to make requests to internal HTTP services. This allows for unauthorized interaction with internal network resources.

Recommendations

Update to version 0.23.3. As a temporary workaround, disable process based resources in the pygeoapi configuration.
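
For deployments that cannot upgrade or disable processes right away, a pre-filter in front of the execute endpoint can refuse subscriber callbacks that resolve to non-public addresses. The following is an added example, not pygeoapi's code and not the 0.23.3 fix; the field names `successUri`, `inProgressUri` and `failedUri` are taken from the OGC API - Processes subscriber schema, and the function names and sample request are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Callback fields of the OGC API - Processes "subscriber" object.
SUBSCRIBER_FIELDS = ("successUri", "inProgressUri", "failedUri")

def resolve(host):
    """Return every address a host resolves to; IP literals need no DNS."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
        return [ipaddress.ip_address(i[4][0]) for i in infos]

def check_uri(uri, resolver=resolve):
    """Return None if uri is an acceptable callback target, else the reason."""
    try:
        parts = urlsplit(uri)
        host = parts.hostname
    except ValueError:
        return "malformed URI"
    if parts.scheme not in ("http", "https"):
        return f"scheme {parts.scheme!r} not allowed"
    if not host:
        return "no host"
    try:
        addrs = resolver(host)
    except (OSError, UnicodeError):
        return "host does not resolve"
    for addr in addrs:
        # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) before classifying.
        addr = getattr(addr, "ipv4_mapped", None) or addr
        if not addr.is_global:  # loopback, RFC 1918, link-local, ...
            return f"{addr} is not a public address"
    return None

def rejected_subscriber_uris(execute_request, resolver=resolve):
    """Map each subscriber field that must be refused to the reason."""
    subscriber = execute_request.get("subscriber") or {}
    rejected = {}
    for field in SUBSCRIBER_FIELDS:
        if field in subscriber:
            reason = check_uri(str(subscriber[field]), resolver)
            if reason:
                rejected[field] = reason
    return rejected

if __name__ == "__main__":
    # Constructed execute request body, for illustration only.
    sample = {"inputs": {}, "subscriber": {"successUri": "http://10.0.0.5/hook"}}
    print(rejected_subscriber_uris(sample))
```

A check like this only narrows exposure: the component that later sends the callback must connect to the address that was validated and must not follow redirects, otherwise DNS rebinding or a redirect can still reach internal hosts.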

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-42352
GHSA-JGVC-94C8-3CHC

Affected Products

Pygeoapi