Platform: python
Component: geonode
Fixed in: 4.4.5 (4.x line), 5.0.2 (5.x line)
CVE-2026-39921 describes a server-side request forgery (SSRF) vulnerability in GeoNode, affecting versions from 4.0.0 up to, but not including, the fixed releases 4.4.5 (4.x line) and 5.0.2 (5.x line). An authenticated user who holds document upload permissions can make the GeoNode server issue arbitrary outbound HTTP requests by supplying an attacker-chosen value in the doc_url parameter of a document upload. Successful exploitation lets the attacker reach internal network resources through the server, which can lead to data exposure or further compromise.
The SSRF allows an authenticated user to bypass network-level controls and make requests to systems that are reachable only from the GeoNode server. An attacker can craft a doc_url pointing at internal hosts, loopback addresses, or cloud instance metadata services (for example the link-local metadata endpoint used by major cloud providers). The affected versions fetch the URL without the usual SSRF mitigations, such as rejecting private and link-local addresses after DNS resolution or re-validating each redirect target, so a public hostname that redirects to an internal address is followed as well. The potential impact includes unauthorized access to internal APIs, exfiltration of data from internal services, and, where the metadata service is reachable, theft of cloud credentials. The blast radius is bounded by the network that the GeoNode server itself can reach; the user's own GeoNode permissions only determine who can trigger the request, not where it can go.
CVE-2026-39921 was publicly disclosed on 2026-04-10. There is no indication of active exploitation or KEV listing at the time of writing. No public proof-of-concept exploits are currently available. The vulnerability's impact is contingent on the attacker's ability to authenticate to GeoNode and obtain document upload permissions.
Exploit Status
EPSS: 0.04% (11th percentile)
CISA SSVC
The primary mitigation for CVE-2026-39921 is to upgrade GeoNode to a fixed release: 4.4.5 or later on the 4.x line, or 5.0.2 or later on the 5.x line. If an immediate upgrade is not feasible, apply temporary workarounds: restrict outbound network access from the GeoNode server (egress firewall or network policy) to only the internal resources it genuinely needs, block access to the cloud metadata address from the GeoNode host, and front the document upload endpoint with strict validation of the doc_url parameter (allowed schemes only, hostname resolved and checked against private, loopback and link-local ranges, redirects not followed blindly). Review user permissions so that only trusted users hold document upload capabilities. After upgrading, confirm the fix in a non-production environment by submitting a document upload whose doc_url points at a loopback or metadata address and verifying that the request is rejected and that no corresponding outbound connection appears in the server's egress logs.
Update GeoNode to version 4.4.5 or later (4.x line) or to version 5.0.2 or later (5.x line) to mitigate the server-side request forgery (SSRF) vulnerability. The fix validates the URLs provided during document upload, preventing the server from making requests to internal resources.
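The two controls named above, rejecting non-public addresses after DNS resolution and re-validating every redirect hop, are easy to get subtly wrong. The following is an added example written for this page, not GeoNode's own code or its actual fix, showing a hardened fetch path for an operator-supplied URL such as doc_url. The hostname resolver and the HTTP transport are injected so the module runs offline against constructed DNS and HTTP tables; the hostnames, addresses and responses in those tables are made up for the demo, and the `send` callable stands in for a real client that has redirect-following disabled.

```python
"""Hardened fetch for an untrusted, user-supplied URL (e.g. a document upload's
doc_url). Checks: scheme allow-list, no embedded credentials, every resolved
address must be public (loopback, RFC 1918, link-local incl. 169.254.169.254,
CGNAT, IPv6 ULA and IPv4-mapped IPv6 are rejected), and each redirect target is
re-validated before it is requested. Added example; not GeoNode's code."""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Tuple, Union
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 5
IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
# Minimal transport contract: (status, lower-cased headers, body).
Response = Tuple[int, Dict[str, str], bytes]


class UnsafeURL(ValueError):
    """Raised when a URL, or a redirect target, fails SSRF validation."""


def default_resolver(host: str) -> List[str]:
    """Resolve a hostname to every A/AAAA answer via real DNS (unused in the demo)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _is_public(ip: IPAddress) -> bool:
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) before classifying it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for loopback, private, link-local, CGNAT, ULA, etc.
    return ip.is_global


def validate_url(url: str, resolver: Callable[[str], Iterable[str]] = default_resolver) -> str:
    """Return url unchanged if it is safe to fetch, else raise UnsafeURL."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise UnsafeURL("missing host")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("credentials in URL are not allowed")
    host = parts.hostname
    try:
        addrs: List[IPAddress] = [ipaddress.ip_address(host)]  # literal, incl. [::1]
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError) as exc:
            raise UnsafeURL(f"cannot resolve {host!r}: {exc}") from exc
    if not addrs:
        raise UnsafeURL(f"no addresses for {host!r}")
    # Every answer must be public: a mixed public/private answer set is a
    # classic split-horizon / rebinding trick, so one bad address fails the URL.
    for ip in addrs:
        if not _is_public(ip):
            raise UnsafeURL(f"{host!r} resolves to non-public address {ip}")
    return url


def fetch_validated(url: str, send: Callable[[str], Response],
                    resolver: Callable[[str], Iterable[str]] = default_resolver,
                    max_redirects: int = MAX_REDIRECTS) -> Response:
    """Fetch url via `send` (which must NOT follow redirects itself),
    re-validating every redirect target before requesting it."""
    current = url
    for _ in range(max_redirects + 1):
        validate_url(current, resolver)
        status, headers, body = send(current)
        if status in (301, 302, 303, 307, 308):
            location = headers.get("location")
            if not location:
                raise UnsafeURL("redirect without Location header")
            current = urljoin(current, location)  # relative Location is allowed
            continue
        return status, headers, body
    raise UnsafeURL(f"too many redirects (>{max_redirects})")


# Constructed, in-memory DNS and HTTP tables so the demo runs offline.
FAKE_DNS = {
    "public.example": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "rebind.example": ["93.184.216.35", "10.0.0.5"],  # mixed public/private answers
}
FAKE_HTTP: Dict[str, Response] = {
    "http://public.example/doc.pdf": (200, {}, b"%PDF-1.7 constructed sample"),
    "http://public.example/hop": (302, {"location": "/doc.pdf"}, b""),
    "http://public.example/bounce": (302, {"location": "http://169.254.169.254/latest/meta-data/"}, b""),
}


def fake_resolver(host: str) -> List[str]:
    if host not in FAKE_DNS:
        raise socket.gaierror(-2, "Name or service not known")
    return FAKE_DNS[host]


def fake_send(url: str) -> Response:
    return FAKE_HTTP.get(url, (404, {}, b""))


if __name__ == "__main__":
    for candidate in ("http://public.example/hop", "http://public.example/bounce",
                      "http://169.254.169.254/latest/meta-data/", "http://localhost/"):
        try:
            print(candidate, "->", fetch_validated(candidate, fake_send, fake_resolver)[0])
        except UnsafeURL as err:
            print(candidate, "-> rejected:", err)
```

In production the `send` callable would wrap an HTTP client with automatic redirect handling turned off, so that the loop in `fetch_validated` is the only thing that ever follows a `Location` header; an egress firewall on the GeoNode host remains the backstop for anything the validator misses.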
CVE-2026-39921 is a server-side request forgery vulnerability in GeoNode versions from 4.0.0 up to the fixed releases 4.4.5 (4.x) and 5.0.2 (5.x), allowing authenticated users with document upload permissions to make the server issue arbitrary outbound HTTP requests.
If you are running a GeoNode release older than 4.4.5 (4.x line) or 5.0.2 (5.x line) and have users with document upload permissions, you are potentially affected by this vulnerability.
Upgrade GeoNode to 4.4.5 or later (4.x line) or 5.0.2 or later (5.x line) to resolve the vulnerability. Consider temporary workarounds, such as restricting the server's outbound network access, if an immediate upgrade is not possible.
There is currently no evidence of active exploitation of CVE-2026-39921.
Refer to the GeoNode security advisories for the latest information and updates regarding CVE-2026-39921.