PT-2026-44078 · Mapserver · Mapserver
Marklee131 · Published 2026-05-27 · Updated 2026-05-27
CVE-2026-45104
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
MapServer versions 6.4.0 through 8.6.2
Description
A NULL pointer dereference occurs when the msSLDParseUserStyle function calls SLDApplyRuleValues(psRule, psLayer, 1) for any <Rule> containing an <ElseFilter/>. The caller assumes that msSLDParseRule added one class; however, if the rule lacks a symbolizer, msSLDParseRule adds zero classes, so the code indexes class[-1]. This can be triggered without authentication using a well-formed 200-byte SLD via the 'SLD_BODY=' parameter in the WMS endpoint.
Recommendations
Update to version 8.6.3.
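The missing check described above, shown as an added simplified C model; this is not MapServer source code and not the project's patch. The types and the functions parse_rule, apply_else_filter and process_else_rule are hypothetical stand-ins for the parse step and the ElseFilter step.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the layer/class objects; not MapServer's types. */
typedef struct { int is_else_filter; } class_model;
typedef struct {
    class_model **classes;  /* array of class pointers */
    int numclasses;         /* number of valid entries */
} layer_model;

/* Models rule parsing: one class is appended per symbolizer, so a rule
 * with no symbolizer appends nothing. Returns how many classes were added. */
int parse_rule(layer_model *layer, int symbolizer_count) {
    int added = 0;
    for (int i = 0; i < symbolizer_count; i++) {
        class_model **grown = realloc(layer->classes,
                                      (size_t)(layer->numclasses + 1) * sizeof *grown);
        if (!grown) break;
        layer->classes = grown;
        layer->classes[layer->numclasses] = calloc(1, sizeof(class_model));
        if (!layer->classes[layer->numclasses]) break;
        layer->numclasses++;
        added++;
    }
    return added;
}

/* Guarded ElseFilter step: touch the last class only if the rule produced
 * one. The unguarded form evaluates layer->classes[layer->numclasses - 1]
 * with numclasses == 0, which is the class[-1] access in the description. */
int apply_else_filter(layer_model *layer, int classes_added) {
    if (classes_added <= 0 || layer->numclasses <= 0 || !layer->classes)
        return -1;  /* no symbolizer, so no class to mark: reject the rule */
    layer->classes[layer->numclasses - 1]->is_else_filter = 1;
    return 0;
}

/* Runs one rule containing an ElseFilter through both steps.
 * Returns 1 if the last class was marked, -1 if the rule was rejected. */
int process_else_rule(int symbolizer_count) {
    layer_model layer = { NULL, 0 };
    int rc = apply_else_filter(&layer, parse_rule(&layer, symbolizer_count));
    int marked = (rc == 0) ? layer.classes[layer.numclasses - 1]->is_else_filter : rc;
    for (int i = 0; i < layer.numclasses; i++) free(layer.classes[i]);
    free(layer.classes);
    return marked;
}

int main(void) { return process_else_rule(0) == -1 ? 0 : 1; }
```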
Fix
Improper Validation of Array Index
NULL Pointer Dereference
Related Identifiers
Affected Products
Mapserver