Tag
A high-severity authorization bypass vulnerability, CVE-2026-46487, in GeoNetwork's Elasticsearch-backed search API allows unauthenticated attackers to retrieve restricted metadata records by bypassing access control and visibility filters when the request body omits the 'query' field, leading to sensitive information disclosure.