{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/mapfish/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["print-lib","print-servlet"],"_cs_severities":["critical"],"_cs_tags":["remote-code-execution","code-injection","mapfish","web-application"],"_cs_type":"advisory","_cs_vendors":["Mapfish"],"content_html":"\u003cp\u003eA critical remote code injection vulnerability, tracked as CVE-2026-44672, has been identified in the Dynamic table component of Mapfish Print. This flaw allows an unauthenticated attacker to execute arbitrary code on the server. The vulnerability affects multiple versions of the \u003ccode\u003eprint-lib\u003c/code\u003e and \u003ccode\u003eprint-servlet\u003c/code\u003e components, specifically versions between 3.23.0 and 3.28.28, 3.29.0 and 3.30.30, 3.31.0 and 3.31.21, 3.32.0 and 3.33.14, and 3.34.0 and 4.0.3. Successful exploitation grants the attacker complete control over the affected Mapfish Print instance.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the Dynamic table functionality in Mapfish Print.\u003c/li\u003e\n\u003cli\u003eThis request contains a payload designed to inject arbitrary code into the server-side processing logic.\u003c/li\u003e\n\u003cli\u003eThe injected code leverages a vulnerability in how Mapfish Print handles data within the Dynamic table component.\u003c/li\u003e\n\u003cli\u003eMapfish Print processes the malicious request, inadvertently executing the injected code.\u003c/li\u003e\n\u003cli\u003eThe injected code gains access to the underlying operating system with the privileges of the Mapfish Print application.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the gained access to execute system commands.\u003c/li\u003e\n\u003cli\u003eThe attacker deploys a reverse shell to establish a persistent connection to the compromised server.\u003c/li\u003e\n\u003cli\u003eThe attacker pivots within the network to compromise additional systems or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-44672 allows unauthenticated attackers to execute arbitrary code on systems running vulnerable versions of Mapfish Print. This can lead to complete system compromise, data theft, and disruption of services. The number of affected installations is currently unknown, but organizations using Mapfish Print for critical mapping and printing services are at high risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately upgrade Mapfish Print \u003ccode\u003eprint-lib\u003c/code\u003e and \u003ccode\u003eprint-servlet\u003c/code\u003e components to a patched version greater than or equal to 3.28.28, 3.30.30, 3.31.21, 3.33.14, or 4.0.3, as indicated in the advisory.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect exploitation attempts targeting CVE-2026-44672 by monitoring for suspicious HTTP requests.\u003c/li\u003e\n\u003cli\u003eReview network traffic to Mapfish Print servers for unusual patterns or connections originating from unexpected locations.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation and sanitization measures to prevent code injection vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T01:37:00Z","date_published":"2026-05-13T01:37:00Z","id":"https://feed.craftedsignal.io/briefs/2026-05-mapfish-rce/","summary":"An unauthenticated remote code injection vulnerability (CVE-2026-44672) exists in Mapfish Print's Dynamic table functionality, allowing attackers to execute arbitrary code on the server.","title":"Mapfish Print Remote Code Injection Vulnerability in Dynamic Table (CVE-2026-44672)","url":"https://feed.craftedsignal.io/briefs/2026-05-mapfish-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Mapfish","version":"https://jsonfeed.org/version/1.1"}