Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-49014

In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer without validating the attribute length. The attacker embeds the exploit as an oversized geometry attribute in a crafted NetCDF file. This achieves arbitrary code execution on the server running GDAL. This is in frmts/netcdf/netcdfsg.cpp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.8%
CVSS Severity
CVSS v3 Score 7.4
Products affected by CVE-2026-49014
  • Osgeo » Gdal » Version: 3.1.0
    cpe:2.3:a:osgeo:gdal:3.1.0
  • Osgeo » Gdal » Version: 3.1.1
    cpe:2.3:a:osgeo:gdal:3.1.1
  • Osgeo » Gdal » Version: 3.1.2
    cpe:2.3:a:osgeo:gdal:3.1.2
  • Osgeo » Gdal » Version: 3.1.3
    cpe:2.3:a:osgeo:gdal:3.1.3
  • Osgeo » Gdal » Version: 3.1.4
    cpe:2.3:a:osgeo:gdal:3.1.4
  • Osgeo » Gdal » Version: 3.10.0
    cpe:2.3:a:osgeo:gdal:3.10.0
  • Osgeo » Gdal » Version: 3.10.1
    cpe:2.3:a:osgeo:gdal:3.10.1
  • Osgeo » Gdal » Version: 3.10.2
    cpe:2.3:a:osgeo:gdal:3.10.2
  • Osgeo » Gdal » Version: 3.10.3
    cpe:2.3:a:osgeo:gdal:3.10.3
  • Osgeo » Gdal » Version: 3.11.0
    cpe:2.3:a:osgeo:gdal:3.11.0
  • Osgeo » Gdal » Version: 3.11.1
    cpe:2.3:a:osgeo:gdal:3.11.1
  • Osgeo » Gdal » Version: 3.11.2
    cpe:2.3:a:osgeo:gdal:3.11.2
  • Osgeo » Gdal » Version: 3.11.3
    cpe:2.3:a:osgeo:gdal:3.11.3
  • Osgeo » Gdal » Version: 3.11.4
    cpe:2.3:a:osgeo:gdal:3.11.4
  • Osgeo » Gdal » Version: 3.11.5
    cpe:2.3:a:osgeo:gdal:3.11.5
  • Osgeo » Gdal » Version: 3.12.0
    cpe:2.3:a:osgeo:gdal:3.12.0
  • Osgeo » Gdal » Version: 3.12.1
    cpe:2.3:a:osgeo:gdal:3.12.1
  • Osgeo » Gdal » Version: 3.12.2
    cpe:2.3:a:osgeo:gdal:3.12.2
  • Osgeo » Gdal » Version: 3.12.3
    cpe:2.3:a:osgeo:gdal:3.12.3
  • Osgeo » Gdal » Version: 3.12.4
    cpe:2.3:a:osgeo:gdal:3.12.4
  • Osgeo » Gdal » Version: 3.13.0
    cpe:2.3:a:osgeo:gdal:3.13.0
  • Osgeo » Gdal » Version: 3.2.0
    cpe:2.3:a:osgeo:gdal:3.2.0
  • Osgeo » Gdal » Version: 3.2.1
    cpe:2.3:a:osgeo:gdal:3.2.1
  • Osgeo » Gdal » Version: 3.2.2
    cpe:2.3:a:osgeo:gdal:3.2.2
  • Osgeo » Gdal » Version: 3.2.3
    cpe:2.3:a:osgeo:gdal:3.2.3
  • Osgeo » Gdal » Version: 3.3.0
    cpe:2.3:a:osgeo:gdal:3.3.0
  • Osgeo » Gdal » Version: 3.3.1
    cpe:2.3:a:osgeo:gdal:3.3.1
  • Osgeo » Gdal » Version: 3.3.2
    cpe:2.3:a:osgeo:gdal:3.3.2
  • Osgeo » Gdal » Version: 3.3.3
    cpe:2.3:a:osgeo:gdal:3.3.3
  • Osgeo » Gdal » Version: 3.4.0
    cpe:2.3:a:osgeo:gdal:3.4.0
  • Osgeo » Gdal » Version: 3.4.1
    cpe:2.3:a:osgeo:gdal:3.4.1
  • Osgeo » Gdal » Version: 3.4.2
    cpe:2.3:a:osgeo:gdal:3.4.2
  • Osgeo » Gdal » Version: 3.4.3
    cpe:2.3:a:osgeo:gdal:3.4.3
  • Osgeo » Gdal » Version: 3.5.0
    cpe:2.3:a:osgeo:gdal:3.5.0
  • Osgeo » Gdal » Version: 3.5.0.1
    cpe:2.3:a:osgeo:gdal:3.5.0.1
  • Osgeo » Gdal » Version: 3.5.0.2
    cpe:2.3:a:osgeo:gdal:3.5.0.2
  • Osgeo » Gdal » Version: 3.5.0.3
    cpe:2.3:a:osgeo:gdal:3.5.0.3
  • Osgeo » Gdal » Version: 3.5.1
    cpe:2.3:a:osgeo:gdal:3.5.1
  • Osgeo » Gdal » Version: 3.5.2
    cpe:2.3:a:osgeo:gdal:3.5.2
  • Osgeo » Gdal » Version: 3.5.3
    cpe:2.3:a:osgeo:gdal:3.5.3
  • Osgeo » Gdal » Version: 3.6.0
    cpe:2.3:a:osgeo:gdal:3.6.0
  • Osgeo » Gdal » Version: 3.6.0.1
    cpe:2.3:a:osgeo:gdal:3.6.0.1
  • Osgeo » Gdal » Version: 3.6.1
    cpe:2.3:a:osgeo:gdal:3.6.1
  • Osgeo » Gdal » Version: 3.6.2
    cpe:2.3:a:osgeo:gdal:3.6.2
  • Osgeo » Gdal » Version: 3.6.3
    cpe:2.3:a:osgeo:gdal:3.6.3
  • Osgeo » Gdal » Version: 3.6.4
    cpe:2.3:a:osgeo:gdal:3.6.4
  • Osgeo » Gdal » Version: 3.7.0
    cpe:2.3:a:osgeo:gdal:3.7.0
  • Osgeo » Gdal » Version: 3.7.1
    cpe:2.3:a:osgeo:gdal:3.7.1
  • Osgeo » Gdal » Version: 3.7.2
    cpe:2.3:a:osgeo:gdal:3.7.2
  • Osgeo » Gdal » Version: 3.7.3
    cpe:2.3:a:osgeo:gdal:3.7.3
  • Osgeo » Gdal » Version: 3.8.0
    cpe:2.3:a:osgeo:gdal:3.8.0
  • Osgeo » Gdal » Version: 3.8.1
    cpe:2.3:a:osgeo:gdal:3.8.1
  • Osgeo » Gdal » Version: 3.8.2
    cpe:2.3:a:osgeo:gdal:3.8.2
  • Osgeo » Gdal » Version: 3.8.3
    cpe:2.3:a:osgeo:gdal:3.8.3
  • Osgeo » Gdal » Version: 3.8.4
    cpe:2.3:a:osgeo:gdal:3.8.4
  • Osgeo » Gdal » Version: 3.8.5
    cpe:2.3:a:osgeo:gdal:3.8.5
  • Osgeo » Gdal » Version: 3.9.0
    cpe:2.3:a:osgeo:gdal:3.9.0
  • Osgeo » Gdal » Version: 3.9.1
    cpe:2.3:a:osgeo:gdal:3.9.1
  • Osgeo » Gdal » Version: 3.9.2
    cpe:2.3:a:osgeo:gdal:3.9.2
  • Osgeo » Gdal » Version: 3.9.3
    cpe:2.3:a:osgeo:gdal:3.9.3


Products
Pricing
Contact Us

Shodan ® - All rights reserved