NVD HIGH: CVE-2026-8086 — A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affec...

Thursday, May 7, 2026 at 07:16 PM UTC·Source: NIST NVD

Updated: Wednesday, May 13, 2026 at 01:00 PM UTC

Executive Summary

A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The nam

Analysis

Indicators of Compromise (2)

SHA-1 (1)

9491e794f1757f08063ea2f7a274ad2994afa636

VirusTotal AnyRun Joe Sandbox

CVE (1)

CVE-2026-8086

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 7, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Deutsche Bank joins $120m funding round for crypto analytics firm Elliptic

Cryptocurrency and blockchain surveillance and analytics specialist Elliptic has raised $120 million in a Series D funding round led by One Peak, with participation from Nasdaq Ventures, Deutsche Bank and the British Business Bank.

25m agoFinextra

MEDIUMVulnerabilityNEW

Paybis secures MiCA and PSD2 licences

Paybis, a trusted cryptocurrency platform serving 7 million people, today joins a small club of global crypto platforms to have received authorisation as a Crypto Asset Service Provider (CASP) under the EU’s Markets in Crypto-Assets regulation (MiCA), alongside receiving a Payment Institution (PI) licence under PSD2 simultaneously, on the same day.

26m agoFinextra

CRITICALVulnerability

73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation

Attackers can compromise systems in minutes while patching and response still take hours or days. Picus Security breaks down why autonomous validation is becoming critical for modern defense strategies. [...]

1h agoBleepingComputer