Mapfish Print Unauthenticated Remote Code Execution via Dynamic Table Processing
Mapfish Print contains an unauthenticated RCE vulnerability in dynamic table functionality, allowing arbitrary code execution without credentials. This PoC is significant for defenders as it demonstrates a critical authentication bypass combined with code injection.
CVE References
Affected
Vulnerability Overview
Mapfish Print contains a remote code execution vulnerability classified as dynamic table injection. The root cause appears to stem from insufficient input validation and unsafe processing of user-supplied data in the dynamic table rendering component. The vulnerability allows unauthenticated attackers to inject and execute arbitrary code during table generation, bypassing authentication controls entirely.
Proof-of-Concept Significance
The PoC demonstrates that the injection point in dynamic table processing is reliably exploitable without prior authentication. This is particularly dangerous as it eliminates a fundamental security boundary. The vulnerability likely affects all instances where dynamic tables are rendered from user input, making it broadly applicable across deployments.
Detection Guidance
Defenders should monitor for: (1) HTTP requests to Mapfish Print endpoints handling table parameters without valid authentication tokens; (2) unusual characters or code patterns in table-related POST/GET parameters (template syntax, code delimiters); (3) process spawning from Mapfish Print service processes; (4) unexpected outbound network connections from the Mapfish service. Log aggregation should flag any table rendering errors combined with authentication failures.
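The four signals above, sketched as correlation logic over already-parsed events. This is an added example, not code from the advisory or from the Mapfish Print project. The event schema, the `/print/` path prefix, the `mapfish-print` process name, the egress allow-list and the 30-second window are all assumptions to replace with local values.

```python
import re

# Assumptions (not from the advisory): path prefix, process name, allow-list, event schema.
PRINT_PATH_PREFIX = "/print/"
SERVICE_PROCESS = "mapfish-print"
ALLOWED_EGRESS = {"tiles.internal.example"}
WINDOW_SECONDS = 30
# Generic template/code delimiters that plain table cell text rarely contains.
CODE_DELIMITERS = re.compile(r"\$\{|#\{|\{\{|<%")

def classify(ev):
    """Map one parsed event to the signal it matches, or None."""
    kind = ev.get("type")
    if kind == "http" and ev.get("path", "").startswith(PRINT_PATH_PREFIX):
        if CODE_DELIMITERS.search(ev.get("body", "")):
            return "code-pattern-in-table-data"
        if not ev.get("auth", False):
            return "unauthenticated-print-request"
    elif kind == "process" and ev.get("parent") == SERVICE_PROCESS:
        return "child-process-from-print-service"
    elif kind == "network" and ev.get("process") == SERVICE_PROCESS:
        if ev.get("dest") not in ALLOWED_EGRESS:
            return "unexpected-outbound-connection"
    return None

def detect(events):
    """Return (ts, signal, severity); host activity soon after a code-pattern request is critical."""
    findings, last_injection = [], None
    for ev in sorted(events, key=lambda e: e["ts"]):
        signal = classify(ev)
        if signal is None:
            continue
        if signal == "code-pattern-in-table-data":
            last_injection, severity = ev["ts"], "high"
        elif ev["type"] in ("process", "network"):
            recent = last_injection is not None and ev["ts"] - last_injection <= WINDOW_SECONDS
            severity = "critical" if recent else "high"
        else:
            severity = "medium"
        findings.append((ev["ts"], signal, severity))
    return findings
# Constructed sample events, not real logs; "${EXAMPLE}" is an inert marker.
SAMPLE = [
    {"ts": 100, "type": "http", "path": "/print/render", "auth": True, "body": '[["Oslo", "12"]]'},
    {"ts": 150, "type": "http", "path": "/print/render", "auth": False, "body": '[["Rome", "7"]]'},
    {"ts": 200, "type": "http", "path": "/print/render", "auth": False, "body": '[["${EXAMPLE}"]]'},
    {"ts": 205, "type": "process", "parent": "mapfish-print", "child": "sh"},
    {"ts": 900, "type": "network", "process": "mapfish-print", "dest": "203.0.113.7"},
]
```

Calling `detect(SAMPLE)` skips the authenticated request with plain cell data and rates the child process at ts 205 as critical because it follows the code-pattern request within the window.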
Mitigation Strategy
Immediate actions: (1) Upgrade to the patched version listed in the advisory; (2) If patching is delayed, implement network segmentation restricting Mapfish Print access to trusted networks only; (3) Disable dynamic table functionality if not required; (4) Implement rate-limiting on table processing endpoints; (5) Deploy WAF rules blocking suspicious parameter patterns.
Risk Assessment
This vulnerability presents a critical risk due to unauthenticated access and code execution capability. Exploitation likelihood in the wild is high given the simplicity of the authentication bypass. Threat actors actively target RCE vulnerabilities in map rendering services. Organizations running exposed Mapfish Print instances should prioritize patching immediately.
Sources