Heap-based Buffer Overflow in OSGeo gdal Grid File Handler
CVE-2026-8213

4.8MEDIUM

Key Information:

Vendor: Osgeo
Status: Gdal
Vendor: CVE Published:; 9 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-8213?

A vulnerability exists in the Grid File Handler of OSGeo gdal, specifically within the GDSDfldsrch function in the GDapi.c file. This flaw can lead to a heap-based buffer overflow, which could allow attackers to exploit the vulnerability locally. The issue has been publicly disclosed and it is highly recommended to upgrade to version 3.13.0RC1, which includes a patch to resolve the potential exploit.

Affected Version(s)

gdal 3.13.0dev-4

gdal 3.13.0RC1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-8213 - Proof of Concept

References

https://vuldb.com/vuln/362430

vdb-entrytechnical-description

https://vuldb.com/vuln/362430/cti

signaturepermissions-required

https://vuldb.com/submit/808128

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 9, 2026
👾
Exploit known to exist
May 9, 2026
Vulnerability published
May 9, 2026
Vulnerability Reserved
May 9, 2026

Credit

biniam (VulDB User)

CVE-2026-8213 Data

JSON

Osgeo