Improper Memory Buffer Management in OSGeo GDAL Product
CVE-2026-4738

9.4 CRITICAL

Key Information:

Vendor

Osgeo

Status
Vendor
CVE Published:
24 March 2026

What is CVE-2026-4738?

A vulnerability in OSGeo's GDAL product arises from improper management of memory buffers in specific components, particularly affecting the infback9 modules in inftree9.C. This flaw could lead to unauthorized access or manipulation of program files. Users of versions prior to 3.11.0 are at risk and should consider applying available patches to mitigate potential exploits.

Affected Version(s)

gdal 0

CVSS V4

Score:
9.4
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

TITAN Team (titancaproject@gmail.com)