EXECUTIVE SUMMARY:
CVE-2026-44672 (CVSS score 9.0) is a critical remote code injection (RCE) vulnerability in the dynamic table functionality of Mapfish Print. The affected software is the maven/org.mapfish.print:print-lib package in versions 3.23.0 to 3.28.28, 3.29.0 to 3.30.30, 3.31.0 to 3.31.21, 3.32.0 to 3.33.14, and 3.34.0 to 4.0.3, and the maven/org.mapfish.print:print-servlet package in the same version ranges. An attacker who has access to the affected Mapfish Print application and can manipulate the dynamic table functionality gains the capability to execute arbitrary code without being authenticated. The business impact is severe: exploitation allows an attacker to gain unauthorized access and potentially disrupt or compromise the entire system.
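To check a build against the version ranges listed above, the following added example (not part of the advisory or of the Mapfish Print project) scans Maven dependency listings, such as the output of `mvn dependency:list`, for affected print-lib and print-servlet versions. The function names and the sample listing are constructed for illustration, and treating both ends of each range as inclusive is an assumption.

```python
import re

# Ranges copied from the advisory text; inclusive bounds are an assumption.
AFFECTED_RANGES = [
    ("3.23.0", "3.28.28"),
    ("3.29.0", "3.30.30"),
    ("3.31.0", "3.31.21"),
    ("3.32.0", "3.33.14"),
    ("3.34.0", "4.0.3"),
]
ARTIFACTS = ("print-lib", "print-servlet")

def parse_version(text):
    """Numeric prefix as a tuple of at least 3 ints; qualifiers like -SNAPSHOT are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    v = parse_version(version)
    if v is None:  # unparseable versions are not flagged; review them by hand
        return False
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)

def find_affected(dependency_listing):
    """Scan Maven coordinates (group:artifact:type[:classifier]:version[:scope])."""
    hits = []
    for line in dependency_listing.splitlines():
        m = re.search(r"org\.mapfish\.print:[\w.:\-]+", line)
        if not m:
            continue
        fields = m.group(0).split(":")
        if len(fields) < 4 or fields[1] not in ARTIFACTS:
            continue
        # With a scope present the version is second to last; otherwise it is last.
        version = fields[3] if len(fields) == 4 else fields[-2]
        if is_affected(version):
            hits.append((fields[1], version))
    return hits

# Constructed sample in the style of `mvn dependency:list` output.
SAMPLE = """\
[INFO]    org.mapfish.print:print-lib:jar:3.30.5:compile
[INFO]    org.mapfish.print:print-servlet:war:4.0.4:runtime
[INFO]    org.mapfish.print:print-lib:jar:3.28.29:compile
[INFO]    org.locationtech.jts:jts-core:jar:1.19.0:compile
[INFO]    org.mapfish.print:print-servlet:war:classes:4.0.3:compile
"""

if __name__ == "__main__":
    for artifact, version in find_affected(SAMPLE):
        print(f"AFFECTED by CVE-2026-44672: {artifact} {version}")
```
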
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-q7m6-wpvf-mvwx