Is there a public PoC exploit available for CVE-2026-8084?

Yes, a public proof-of-concept exploit is available for CVE-2026-8084. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2026-8084?

Yes, a patch is available for CVE-2026-8084. Update the affected software to the latest version immediately.

OSGeo GDAL CVE-2026-8084

Q: What is the CVSS score of CVE-2026-8084?

CVE-2026-8084 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-28417 LOW

Out-of-bounds Read (CWE-125)

2026-05-07 VulDB

GHSA-jmvp-7877-wr2f

Buffer Overflow Information Disclosure

1.9

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 07, 2026 - 19:48 vuln.today

Analysis Generated

May 07, 2026 - 19:48 vuln.today

CVSS changed

May 07, 2026 - 19:22 NVD

3.3 (LOW) 1.9 (LOW)

CVE Published

May 07, 2026 - 18:30 nvd

LOW 1.9

DescriptionNVD

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.13.0RC1 is able to resolve this issue. Patch name: a791f70f8eaec540974ec989ca6fb00266b7646c. Upgrading the affected component is advised.

AnalysisAI

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 occurs in the HDF-EOS Grid File Handler when parsing malformed HDF4 files, allowing local authenticated attackers to read memory beyond buffer bounds. The vulnerability exists in the memmove operation within SWapi.c and GDapi.c that processes field information without proper bounds validation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8084 vulnerability details – vuln.today

Back