Cyber Resilience

CVE-2026-33721

Medium · Public PoC

Published: 27 March 2026
Modified: 17 April 2026
CVSS Score v3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0030 (53.8th percentile)
Risk Priority: 11 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-33721 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in Osgeo Mapserver. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 46.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-33721 is a heap-buffer-overflow write vulnerability in the Styled Layer Descriptor (SLD) parser of MapServer, an open-source system for developing web-based GIS applications. The flaw affects MapServer versions starting from 4.2 up to but not including 8.6.1. It stems from improper handling of SLD structures, specifically when processing more than 100 Threshold elements within a ColorMap or Categorize element, classified under CWE-787 (Out-of-bounds Write). The issue carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating medium severity primarily due to availability impact.

A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted SLD document to a vulnerable MapServer instance, commonly via a WMS GetMap request containing an SLD_BODY parameter. Successful exploitation triggers a heap buffer overflow during parsing, causing the MapServer process to crash and resulting in a denial-of-service condition. No user interaction is required, and the attack is straightforward given the low complexity and network accessibility.

Mitigation is available through upgrading to MapServer version 8.6.1 or later, which includes a patch for the SLD parser issue, as detailed in the official release notes. The MapServer security advisory (GHSA-cv4m-mr84-fgjp) confirms the fix and provides additional context on the vulnerability. Debian LTS users are also advised via announcement to apply relevant updates for affected packages.

Vulnerability details

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Heap buffer overflow in public-facing MapServer WMS/SLD parser directly enables remote unauthenticated crash of the application process, matching application exploitation for endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-45104 · Same product: Osgeo Mapserver
CVE-2024-24422 · Shared CWE-787
CVE-2026-41989 · Shared CWE-787
CVE-2025-13151 · Shared CWE-787
CVE-2020-37208 · Shared CWE-787
CVE-2026-43656 · Shared CWE-787
CVE-2025-24326 · Shared CWE-787
CVE-2021-47786 · Shared CWE-787
CVE-2019-25478 · Shared CWE-787
CVE-2026-27853 · Shared CWE-787

Affected Assets

osgeo
mapserver
4.2.0 — 8.6.1

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly mitigates the heap-buffer-overflow by requiring timely remediation through patching to MapServer version 8.6.1 or later.

prevent

Requires validation of untrusted SLD inputs in WMS GetMap requests to reject crafted structures with excessive Threshold elements, preventing parser overflow.

prevent

Implements memory protection mechanisms like address space layout randomization and stack guards to mitigate heap buffer overflow exploits in the SLD parser.
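
The input-validation control above can be approximated in front of an unpatched MapServer by counting Threshold elements before the request reaches the SLD parser. The following is an added example, not MapServer code or part of the advisory; the function names, the sample host and the choice to count all Threshold descendants of each ColorMap or Categorize element (a conservative reading of the description on this page) are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qsl, quote

MAX_THRESHOLDS = 100          # limit taken from the description on this page
CONTAINERS = {"ColorMap", "Categorize"}


def local(tag):
    """Strip an XML namespace: '{ns}Threshold' -> 'Threshold'."""
    return tag.rsplit("}", 1)[-1]


def max_threshold_count(sld_xml):
    """Largest number of Threshold descendants under any ColorMap/Categorize."""
    worst = 0
    for elem in ET.fromstring(sld_xml).iter():
        if local(elem.tag) in CONTAINERS:
            n = sum(1 for d in elem.iter() if local(d.tag) == "Threshold")
            worst = max(worst, n)
    return worst


def check_getmap(url):
    """Return (allowed, reason) for a WMS request URL that may carry SLD_BODY."""
    # WMS parameter names are case-insensitive, so normalise the keys.
    params = {k.upper(): v for k, v in parse_qsl(urlsplit(url).query)}
    body = params.get("SLD_BODY")
    if body is None:
        return True, "no SLD_BODY"
    try:
        n = max_threshold_count(body)
    except ET.ParseError:
        return False, "SLD_BODY is not well-formed XML"
    if n > MAX_THRESHOLDS:
        return False, f"{n} Threshold elements exceeds {MAX_THRESHOLDS}"
    return True, f"{n} Threshold elements"


def sample_url(n):
    """Constructed input: GetMap URL whose SLD holds n Threshold elements."""
    items = "".join(f"<se:Threshold>{i}</se:Threshold>" for i in range(n))
    sld = ('<StyledLayerDescriptor xmlns:se="http://www.opengis.net/se">'
           f"<se:ColorMap><se:Categorize>{items}</se:Categorize></se:ColorMap>"
           "</StyledLayerDescriptor>")
    return ("https://maps.example.test/wms?SERVICE=WMS&REQUEST=GetMap&sld_body="
            + quote(sld))
```

This check covers only SLD_BODY passed in the query string; an SLD delivered another way is not inspected, so it is a stopgap until the upgrade to 8.6.1 or later is applied.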
