PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-39922 GeoNode CVE debrief

CVE-2026-39922 is a server-side request forgery vulnerability in GeoNode versions 4.4.5 and 5.0.2. Authenticated attackers can trigger outbound network requests to arbitrary URLs by submitting a crafted service URL during form validation. The vulnerability allows probing of internal network targets, including loopback addresses, RFC1918 private IP ranges, link-local addresses, and cloud metadata services, due to insufficient URL validation in the WMS service handler without private IP filtering or allowlist enforcement.

Vendor
GeoNode
Product
Unknown
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-10
Original CVE updated
2026-07-14
Advisory published
2026-04-10
Advisory updated
2026-07-14

Who should care

GeoNode users and administrators should be aware of this vulnerability and take steps to mitigate it. This vulnerability is particularly concerning for organizations that use GeoNode to interact with external services or have sensitive internal network resources.

Technical summary

The vulnerability exists in the service registration endpoint of GeoNode, allowing authenticated attackers to submit crafted service URLs that trigger outbound network requests to arbitrary destinations. This can be exploited to probe internal network targets, including loopback addresses, private IP ranges, link-local addresses, and cloud metadata services. The issue arises from insufficient URL validation in the WMS service handler, which lacks private IP filtering or allowlist enforcement.

Defensive priority

Medium

Recommended defensive actions

  • Update GeoNode to a version that fixes the vulnerability, if available
  • Implement private IP filtering and allowlist enforcement for the WMS service handler
  • Restrict access to the service registration endpoint to trusted users and services
  • Monitor network activity for suspicious outbound requests
  • Consider implementing additional security controls, such as web application firewalls or intrusion detection systems

Evidence notes

The CVE record was published on 2026-04-10T20:16:22.270Z and was last modified on 2026-07-14T21:16:47.350Z. The NVD entry is currently Modified. The vulnerability has a CVSS score of 5.3 and a severity of Medium.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-10T20:16:22.270Z and has not been modified since then. The NVD entry is currently Modified.