PatchSiren cyber security CVE debrief
CVE-2026-39921 GeoNode CVE debrief
CVE-2026-39921 is a server-side request forgery vulnerability in GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2. The vulnerability allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the doc_url parameter during document upload. This can lead to unauthorized access to internal network targets, loopback addresses, RFC1918 addresses, or cloud metadata services. Users of affected versions should apply patches or mitigations to prevent exploitation.
- Vendor
- GeoNode
- Product
- Unknown
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-10
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-04-10
- Advisory updated
- 2026-07-14
Who should care
Users of GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 should apply patches or mitigations to prevent exploitation of this vulnerability. This includes operators, platform administrators, vulnerability management teams, and security teams responsible for ensuring the security of GeoNode deployments.
Technical summary
The vulnerability exists in the document upload feature of GeoNode, where an authenticated user can provide a malicious URL via the doc_url parameter, triggering an arbitrary outbound HTTP request. This can be used to access internal network targets, loopback addresses, RFC1918 addresses, or cloud metadata services. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. Affected product deployments should be reviewed for exposure, and patches or updates should be applied to GeoNode versions 4.0 to 4.4.5 and 5.0 to 5.0.2. Additionally, restricting document upload permissions to trusted users and implementing SSRF mitigations such as private IP filtering or redirect validation can help prevent exploitation.
Defensive priority
Medium
Recommended defensive actions
- Apply patches or updates to GeoNode versions 4.0 to 4.4.5 and 5.0 to 5.0.2.
- Restrict document upload permissions to trusted users.
- Implement SSRF mitigations such as private IP filtering or redirect validation.
- Monitor for suspicious outbound HTTP requests.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-04-10T20:16:22.083Z and was last modified on 2026-07-14T21:16:47.213Z. The NVD entry is currently Modified. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify affected product deployments and review official advisories for validation.
Official resources
-
CVE-2026-39921 CVE record
CVE.org
-
CVE-2026-39921 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
- Source reference
- Source reference
-
Mitigation or vendor reference
[email protected] - Product, Release Notes
-
Mitigation or vendor reference
[email protected] - Product, Release Notes
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-10T20:16:22.083Z and has not been modified since then.