Is there a public PoC exploit available for CVE-2026-8086?

Yes, a public proof-of-concept exploit is available for CVE-2026-8086. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2026-8086?

Yes, a patch is available for CVE-2026-8086. Update the affected software to the latest version immediately.

OSGeo GDAL CVE-2026-8086

Q: What is the CVSS score of CVE-2026-8086?

CVE-2026-8086 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-28418 LOW

Heap-based Buffer Overflow (CWE-122)

2026-05-07 VulDB

GHSA-72pg-5w29-wjx6

Buffer Overflow Heap Overflow

1.9

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 07, 2026 - 19:48 vuln.today

Analysis Generated

May 07, 2026 - 19:48 vuln.today

Severity Changed

May 07, 2026 - 19:22 NVD

MEDIUM LOW

CVSS changed

May 07, 2026 - 19:22 NVD

5.3 (MEDIUM) 1.9 (LOW)

CVE Published

May 07, 2026 - 18:45 nvd

LOW 1.9

DescriptionNVD

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The name of the patch is 9491e794f1757f08063ea2f7a274ad2994afa636. It is advisable to upgrade the affected component.

AnalysisAI

Heap-based buffer overflow in OSGeo GDAL up to 3.13.0dev-4 within the SWnentries function of the HDF4-EOS module allows local authenticated attackers to cause memory corruption via crafted DimensionName arguments. The vulnerability requires local access and authenticated privileges but can be exploited with publicly available proof-of-concept code. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8086 vulnerability details – vuln.today

Back