Out-of-Bounds Read Vulnerability in OSGeo GDAL Software
CVE-2026-8088

4.8MEDIUM

Key Information:

Vendor: Osgeo
Status: Gdal
Vendor: CVE Published:; 7 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-8088?

A weakness exists in the OSGeo GDAL library, particularly within the GDfieldinfo function of the GDapi.c file, which may allow an out-of-bounds read. This vulnerability can be exploited locally with a specific manipulation on affected versions. Publicly available exploits highlight the urgency for remediation. Users are strongly advised to upgrade to version 3.13.0RC1, which includes a patch to address this issue effectively.

Affected Version(s)

gdal 3.13.0dev-4

gdal 3.13.0RC1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-8088 - Proof of Concept

References

https://vuldb.com/vuln/361841

vdb-entrytechnical-description

https://vuldb.com/vuln/361841/cti

signaturepermissions-required

https://vuldb.com/submit/808040

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 7, 2026
👾
Exploit known to exist
May 7, 2026
Vulnerability published
May 7, 2026
Vulnerability Reserved
May 7, 2026

Credit

biniam (VulDB User)

CVE-2026-8088 Data

JSON

Osgeo

Badges

What is CVE-2026-8088?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit