PT-2026-40588 · Unknown · Mapfish-Print
Sbrunner · Published 2026-05-13 · Updated 2026-05-28 · CVE-2026-44672
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Mapfish Print versions prior to 3.28.28
Mapfish Print versions prior to 3.30.30
Mapfish Print versions prior to 3.31.21
Mapfish Print versions prior to 3.33.14
Mapfish Print versions prior to 4.0.3
Description
A critical flaw in dynamic table generation allows unauthenticated attackers to supply crafted external inputs that are improperly neutralized and executed as system code. This enables remote code execution (RCE), which is the ability to run arbitrary commands on a target machine, granting attackers full control over the compromised server.
Recommendations
Upgrade to version 3.28.28.
Upgrade to version 3.30.30.
Upgrade to version 3.31.21.
Upgrade to version 3.33.14.
Upgrade to version 4.0.3.
Fix · RCE · Code Injection
Affected Products
Mapfish-Print