Threat Advisory

GeoNetwork Vulnerability Exposes Elasticsearch ACL Bypass Flaw

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Government & Defense
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in GeoNetwork versions 3.x and 4.x, specifically comprising an access control bypass and a reflected cross-site scripting issue. These vulnerabilities allow attackers to bypass authorization checks to access restricted metadata records and execute arbitrary scripts in users' browsers. Successful exploitation could lead to unauthorized disclosure of sensitive information, including internal or draft records, and compromise of user sessions through credential theft. Organizations relying on affected deployments face significant risks of data exposure and potential administrative account takeover.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in GeoNetwork versions 3.x and 4.x, specifically comprising an access control bypass and a reflected cross-site scripting issue. These vulnerabilities allow attackers to bypass authorization checks to access restricted metadata records and execute arbitrary scripts in users' browsers. Successful exploitation could lead to unauthorized disclosure of sensitive information, including internal or draft records, and compromise of user sessions through credential theft. Organizations relying on affected deployments face significant risks of data exposure and potential administrative account takeover.[emaillocker id="1283"]

• CVE-2026-46487 with a CVSS score of 7.5 – This authorization bypass vulnerability allows an unauthenticated attacker to retrieve restricted metadata records by sending requests that omit the query field, causing the access-control filter injection to fail.
• CVE-2026-39379 with a CVSS score of 7.1 – This reflected cross-site scripting vulnerability is exploited by tricking a user into visiting a crafted URL that injects client-side templates into an error page, allowing arbitrary JavaScript execution within the victim's browser session.

The identified vulnerabilities pose a high risk to organizations by enabling unauthorized access to sensitive data and facilitating session hijacking attacks. If left unaddressed, these flaws could result in significant data breaches and the compromise of administrative accounts, undermining the integrity of the geospatial data management platform. Immediate attention is required to safeguard confidential information and maintain system security.

RECOMMENDATION:

  • We recommend you to update GeoNetwork to version 4.4.11.

REFERENCES:

The following reports contain further technical details:
https://github.com/advisories/GHSA-582q-v28r-7cxr
https://github.com/advisories/GHSA-2v4m-fw6c-g78f

[/emaillocker]
crossmenu