Is there a public PoC exploit available for EUVD-2026-28948?

Yes, a public proof-of-concept exploit is available for EUVD-2026-28948. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for EUVD-2026-28948?

Yes, a patch is available for EUVD-2026-28948. Update the affected software to the latest version immediately.

OSGeo GDAL EUVD-2026-28948

Q: What is the CVSS score of EUVD-2026-28948?

EUVD-2026-28948 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-8212 LOW

Heap-based Buffer Overflow (CWE-122)

2026-05-09 VulDB

GHSA-r5m4-5vww-w9f5

Buffer Overflow Heap Overflow

1.9

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 09, 2026 - 23:30 vuln.today

Analysis Generated

May 09, 2026 - 23:30 vuln.today

Severity Changed

May 09, 2026 - 23:22 NVD

MEDIUM LOW

CVSS changed

May 09, 2026 - 23:22 NVD

5.3 (MEDIUM) 1.9 (LOW)

CVE Published

May 09, 2026 - 22:30 nvd

LOW 1.9

DescriptionNVD

A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been published and may be used. Upgrading to version 3.13.0RC1 addresses this issue. This patch is called 3e04c0385630e4d42517046d9a4967dfccfeb7fd. The affected component should be upgraded.

AnalysisAI

Heap-based buffer overflow in GDAL's HDF4-EOS SWSDfldsrch function (frmts/hdf4/hdf-eos/SWapi.c) allows local authenticated attackers to cause memory corruption through manipulation of malformed HDF4 files. The vulnerability stems from unsafe string manipulation that fails to validate metadata field list format before stripping quotes, enabling out-of-bounds writes. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-28948 vulnerability details – vuln.today

Back