PatchSiren cyber security CVE debrief
CVE-2026-39922 GeoNode CVE debrief
CVE-2026-39922 is a server-side request forgery vulnerability in GeoNode versions 4.4.5 and 5.0.2. Authenticated attackers can trigger outbound network requests to arbitrary URLs by submitting a crafted service URL during form validation. The vulnerability allows probing of internal network targets, including loopback addresses, RFC1918 private IP ranges, link-local addresses, and cloud metadata services, due to insufficient URL validation in the WMS service handler without private IP filtering or allowlist enforcement.
- Vendor
- GeoNode
- Product
- Unknown
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-10
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-04-10
- Advisory updated
- 2026-07-14
Who should care
GeoNode users and administrators should be aware of this vulnerability and take steps to mitigate it. This vulnerability is particularly concerning for organizations that use GeoNode to interact with external services or have sensitive internal network resources.
Technical summary
The vulnerability exists in the service registration endpoint of GeoNode, allowing authenticated attackers to submit crafted service URLs that trigger outbound network requests to arbitrary destinations. This can be exploited to probe internal network targets, including loopback addresses, private IP ranges, link-local addresses, and cloud metadata services. The issue arises from insufficient URL validation in the WMS service handler, which lacks private IP filtering or allowlist enforcement.
Defensive priority
Medium
Recommended defensive actions
- Update GeoNode to a version that fixes the vulnerability, if available
- Implement private IP filtering and allowlist enforcement for the WMS service handler
- Restrict access to the service registration endpoint to trusted users and services
- Monitor network activity for suspicious outbound requests
- Consider implementing additional security controls, such as web application firewalls or intrusion detection systems
Evidence notes
The CVE record was published on 2026-04-10T20:16:22.270Z and was last modified on 2026-07-14T21:16:47.350Z. The NVD entry is currently Modified. The vulnerability has a CVSS score of 5.3 and a severity of Medium.
Official resources
-
CVE-2026-39922 CVE record
CVE.org
-
CVE-2026-39922 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-10T20:16:22.270Z and has not been modified since then. The NVD entry is currently Modified.