Platform: python
Component: geonode
Fixed in: 4.4.6, 5.0.3, 4.4.5
CVE-2026-39922 is a server-side request forgery (SSRF) vulnerability in GeoNode versions 4.0.0 through 5.0.2. The flaw lets an authenticated attacker make GeoNode issue outbound network requests to arbitrary URLs by manipulating the service registration endpoint, potentially exposing internal network resources. It stems from insufficient URL validation in the WMS service handler and affects versions 4.4.5 and prior within the 5.0.2 release. A patch is available in version 5.0.2.
CVE-2026-39922 affects GeoNode versions 4.4.5 and prior, as well as 5.0.2 and prior, within their respective release lines. The vulnerability is a server-side request forgery (SSRF) in the service registration endpoint: an authenticated attacker can make GeoNode issue outbound requests to arbitrary URLs, which allows probing of internal network targets including loopback addresses, RFC1918 private IP ranges, link-local addresses, and cloud metadata services. The root cause is insufficient URL validation, which lets attackers bypass network restrictions and reach protected internal resources.
An attacker with authenticated access to GeoNode can exploit this vulnerability by submitting a request to the service registration endpoint whose URL points at an internal or external resource of their choosing. When GeoNode processes the registration, it makes a network request to that destination on the attacker's behalf. Depending on what the forced request reaches, this can expose confidential information, enable command execution on internal systems, or support other malicious actions; the severity depends on the access the attacker gains through the forced request.
Exploit Status
EPSS: 0.04% (11th percentile)
CISA SSVC
The primary mitigation for CVE-2026-39922 is to upgrade GeoNode to version 5.0.3 or later, which properly validates URLs supplied during service registration and so prevents the SSRF. As a temporary measure, restrict access to the service registration endpoint to trusted users and systems. Firewall and network egress rules that limit outbound connections from GeoNode to the destinations it actually needs reduce the impact of a successful exploitation, and monitoring GeoNode logs for unexpected service registrations or outbound requests helps detect and respond to attempted abuse.
Upgrade GeoNode to version 5.0.3 or later to mitigate the SSRF vulnerability. The update fixes URL validation in the service registration endpoint, preventing authenticated attackers from making arbitrary network requests.
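The kind of URL validation the fix describes, rejecting the address classes listed above before any outbound request is made, as an added example that is not GeoNode's own patch. Function names, the allow-list of schemes and the constructed DNS table are assumptions; the resolver is injectable so the check can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical hardening for a service-registration URL field (not GeoNode's own
# code): refuse any URL whose host resolves to an address the server must not
# fetch on a user's behalf. The resolver is injectable for offline testing.
ALLOWED_SCHEMES = {"http", "https"}

def is_internal_address(ip):
    """Loopback, RFC1918/private, link-local (covers 169.254.169.254 cloud metadata), unspecified, multicast, reserved."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:10.0.0.5 as the IPv4 it wraps
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)

def resolve_all(host):
    """Default resolver: every address getaddrinfo returns (A and AAAA)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def make_table_resolver(table):
    """Offline resolver over a constructed name->addresses table; IP literals resolve to themselves, unknown names fail like a DNS miss."""
    def resolver(host):
        if host in table:
            return list(table[host])
        try:
            return [str(ipaddress.ip_address(host))]
        except ValueError:
            raise socket.gaierror(f"no entry for {host} in constructed table")
    return resolver

def validate_service_url(url, resolver=resolve_all):
    """Return (ok, reason). Every resolved address must be non-internal, so a name with one public and one private record is rejected too."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"
    if not parts.hostname:
        return False, "missing host"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL not allowed"
    try:
        addrs = resolver(parts.hostname)
    except OSError as exc:  # socket.gaierror is an OSError subclass
        return False, f"host does not resolve: {exc}"
    for addr in addrs:
        if is_internal_address(ipaddress.ip_address(addr)):
            return False, f"{parts.hostname} resolves to internal address {addr}"
    return True, "ok"
```

Validating the resolved addresses rather than the hostname string is what defeats names that point at private space; a deployment should additionally pin the fetch to the validated address to avoid a re-resolution between check and use.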
An SSRF (server-side request forgery) vulnerability allows an attacker to force the server to make requests to arbitrary URLs, potentially reaching internal or external resources that the attacker cannot reach directly.
"Authenticated" means the attacker needs valid credentials to reach the GeoNode service registration endpoint.
Version 5.0.3 contains the fix that prevents exploitation of this SSRF vulnerability.
As a temporary measure, restrict access to the service registration endpoint and limit outbound connections from GeoNode.
Visit the official GeoNode website: [https://geonode.org/](https://geonode.org/)