Summary GeoNetwork's Elasticsearch-backed search API is responsible for injecting access-control and visibility filters into every request before it reaches the underlying Elasticsearch index. Under certain request cond…
| CVE ID | CVE-2026-46487 |
| Vendor | maven |
| Affected Product | org.geonetwork-opensource:geonetwork |
| Vulnerability Type | Vulnerability |
| CVSS Score | 7.5 (HIGH) |
| Actively Exploited | ❌ No known exploitation |
| Patch Status | See Vendor Advisory → |
| Reported By | CYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories) |
#
GeoNetwork's Elasticsearch-backed search API is responsible for injecting access-control and visibility filters into every request before it reaches the underlying Elasticsearch index. Under certain request conditions, that filtering step does not run, allowing an unauthenticated user to retrieve indexed metadata records that should be restricted, including records limited to specific groups.
The search proxy layer forwards client-supplied search requests to Elasticsearch after adding GeoNetwork's own access-control and filter clauses. A flaw in how that filter-injection step is triggered means it can be skipped under certain conditions, so the affected request reaches Elasticsearch without the intended access restrictions applied.
This is an authorizatio
Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.