CVE-2026-8213 — OSGeo Gdal Buffer Overflow
CVE-2026-8213 — A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally.
What This Means For You
- If your environment is affected by CWE-119, CWE-122, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-8213 updates and patches.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
Local Heap Overflow Exploitation via OSGeo Gdal GDapi.c - CVE-2026-8213
title: Local Heap Overflow Exploitation via OSGeo Gdal GDapi.c - CVE-2026-8213
id: scw-2026-05-09-ai-1
status: experimental
level: high
description: |
This rule detects the execution of OSGeo Gdal utilities (gdalinfo, ogrinfo, gdal) with specific command-line arguments that are often used in conjunction with exploiting the heap-based buffer overflow vulnerability in GDapi.c (CVE-2026-8213). The vulnerability is triggered locally and affects versions up to 3.13.0dev-4. The exploit involves manipulating the Grid File Handler component. This detection focuses on the potential local exploitation vector.
author: SCW Feed Engine (AI-generated)
date: 2026-05-09
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-8213/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: process_creation
detection:
selection:
Image|startswith:
- 'C:\Program Files\OSGeo4W\bin\gdalinfo.exe'
- 'C:\Program Files\OSGeo4W\bin\ogrinfo.exe'
- 'C:\Program Files\OSGeo4W\bin\gdal.exe'
CommandLine|contains:
- '-stats'
- '-q'
ParentImage|contains:
- 'cmd.exe'
- 'powershell.exe'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-8213 | vulnerability | CVE-2026-8213 |
| CWE-119 | weakness | CWE-119 |
| CWE-122 | weakness | CWE-122 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 10, 2026 at 02:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-8212 — OSGeo Gdal Buffer Overflow
CVE-2026-8212 — A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c....
CVE-2026-8211 — Codelibs Fess Vulnerability
CVE-2026-8211 — A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of...
CVE-2026-45184 — Kdenlive before 26.04.1 allows dangerous proxy parameters
CVE-2026-45184 — Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used.