CVE-2026-30479
Published: 09 April 2026
Summary
CVE-2026-30479 is a critical-severity Code Injection (CWE-94) vulnerability in Mapserver (inferred from references). Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Dynamic-link Library Injection (T1055.001); ranked at the 23.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-30479 is a Dynamic-link Library (DLL) Injection vulnerability, classified as CWE-94, affecting OSGeo Project MapServer versions before 8.0. Published on April 9, 2026, this flaw allows attackers to execute arbitrary code through a crafted executable interacting with the software.
The vulnerability has a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating it is exploitable over the network with low attack complexity, no required privileges or user interaction, and unchanged scope. Remote, unauthenticated attackers can leverage it to execute arbitrary code, resulting in high impacts to confidentiality and integrity but no availability disruption.
Mitigation requires upgrading to MapServer version 8.0 or later, as the vulnerability affects prior releases. Further technical details are documented in the research repository at https://github.com/penjaminTester/Research/tree/main/CVE-2026-30479 and on the official MapServer site at https://mapserver.org/.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-20932
Vulnerability details
A Dynamic-link Library Injection vulnerability in OSGeo Project MapServer before v8.0 allows attackers to execute arbitrary code via a crafted executable.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is explicitly a DLL Injection flaw (directly matching T1055.001) in a public-facing MapServer application that permits remote unauthenticated arbitrary code execution (matching T1190).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the DLL injection vulnerability by requiring timely flaw remediation through upgrading MapServer to version 8.0 or later.
Protects against arbitrary code execution from DLL injection by implementing memory safeguards such as DEP and ASLR to restrict unauthorized code execution in MapServer processes.
Deploys malicious code protection mechanisms to scan for and block crafted executables or injected DLLs targeting MapServer.