Vulnerability Details CVE-2026-45104
MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1) for any <Rule> carrying <ElseFilter/>, on the assumption that msSLDParseRule added one class. When the rule has no symbolizer (a structurally valid SLD), msSLDParseRule adds zero classes, and _SLDApplyRuleValues ends up indexing _class[-1], resulting in a NULL pointer dereference. A 200-byte well-formed SLD sent via the WMS SLD_BODY= parameter is enough to trigger this, and no authentication is required. This vulnerability is fixed in 8.6.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.7%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-45104
- cpe:2.3:a:osgeo:mapserver:6.4.0
- cpe:2.3:a:osgeo:mapserver:6.4.1
- cpe:2.3:a:osgeo:mapserver:6.4.2
- cpe:2.3:a:osgeo:mapserver:6.4.3
- cpe:2.3:a:osgeo:mapserver:6.4.4
- cpe:2.3:a:osgeo:mapserver:6.4.5
- cpe:2.3:a:osgeo:mapserver:6.4.6
- cpe:2.3:a:osgeo:mapserver:7.0.0
- cpe:2.3:a:osgeo:mapserver:7.0.1
- cpe:2.3:a:osgeo:mapserver:7.0.2
- cpe:2.3:a:osgeo:mapserver:7.0.3
- cpe:2.3:a:osgeo:mapserver:7.0.4
- cpe:2.3:a:osgeo:mapserver:7.0.5
- cpe:2.3:a:osgeo:mapserver:7.0.6
- cpe:2.3:a:osgeo:mapserver:7.0.7
- cpe:2.3:a:osgeo:mapserver:7.0.8
- cpe:2.3:a:osgeo:mapserver:7.1.0
- cpe:2.3:a:osgeo:mapserver:7.2.0
- cpe:2.3:a:osgeo:mapserver:7.2.1
- cpe:2.3:a:osgeo:mapserver:7.2.2
- cpe:2.3:a:osgeo:mapserver:7.2.3
- cpe:2.3:a:osgeo:mapserver:7.3.0
- cpe:2.3:a:osgeo:mapserver:7.4.0
- cpe:2.3:a:osgeo:mapserver:7.4.1
- cpe:2.3:a:osgeo:mapserver:7.4.2
- cpe:2.3:a:osgeo:mapserver:7.4.3
- cpe:2.3:a:osgeo:mapserver:7.4.4
- cpe:2.3:a:osgeo:mapserver:7.4.5
- cpe:2.3:a:osgeo:mapserver:7.5.0
- cpe:2.3:a:osgeo:mapserver:7.6.0
- cpe:2.3:a:osgeo:mapserver:7.6.1
- cpe:2.3:a:osgeo:mapserver:7.6.2
- cpe:2.3:a:osgeo:mapserver:7.6.3
- cpe:2.3:a:osgeo:mapserver:7.6.4
- cpe:2.3:a:osgeo:mapserver:7.6.5
- cpe:2.3:a:osgeo:mapserver:7.6.6
- cpe:2.3:a:osgeo:mapserver:7.6.7
- cpe:2.3:a:osgeo:mapserver:8.0.0
- cpe:2.3:a:osgeo:mapserver:8.0.1
- cpe:2.3:a:osgeo:mapserver:8.0.2
- cpe:2.3:a:osgeo:mapserver:8.2.0
- cpe:2.3:a:osgeo:mapserver:8.2.1
- cpe:2.3:a:osgeo:mapserver:8.2.2
- cpe:2.3:a:osgeo:mapserver:8.4.0
- cpe:2.3:a:osgeo:mapserver:8.4.1
- cpe:2.3:a:osgeo:mapserver:8.6.0
- cpe:2.3:a:osgeo:mapserver:8.6.1
- cpe:2.3:a:osgeo:mapserver:8.6.2