Is there a public PoC exploit available for CVE-2026-8088?

Yes, a public proof-of-concept exploit is available for CVE-2026-8088. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for CVE-2026-8088?

Yes, a patch is available for CVE-2026-8088. Update the affected software to the latest version immediately.

OSGeo GDAL CVE-2026-8088

Q: What is the CVSS score of CVE-2026-8088?

CVE-2026-8088 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-28436 LOW

Out-of-bounds Read (CWE-125)

2026-05-07 VulDB

GHSA-j3f5-rw74-g4rv

Buffer Overflow Information Disclosure

1.9

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 07, 2026 - 20:31 vuln.today

Analysis Generated

May 07, 2026 - 20:31 vuln.today

CVSS changed

May 07, 2026 - 20:22 NVD

3.3 (LOW) 1.9 (LOW)

CVE Published

May 07, 2026 - 19:30 nvd

LOW 1.9

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

441 pypi packages depend on gdal (382 direct, 70 indirect)

Ecosystem-wide dependent count for version 3.13.0.

DescriptionNVD

A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.13.0RC1 is sufficient to fix this issue. This patch is called a791f70f8eaec540974ec989ca6fb00266b7646c. The affected component should be upgraded.

AnalysisAI

Out-of-bounds read in OSGeo GDAL up to version 3.13.0dev-4 affects the GDfieldinfo function in HDF-EOS module when processing malformed HDF4 files. A locally authenticated attacker can trigger memory disclosure by crafting a specially formatted HDF4 file. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-8088 vulnerability details – vuln.today

Back