Mapfish Print: Remote Code Injection (RCE) in Dynamic table — CVE-2026-44672

Summary

### Impact The attacker can execute arbitrary code without being authenticated ### Mitigation Upgrade to a patched version (please check affected/patched version matrix) ### Credits Bug Bounty of Canton du Jura

Product

maven: org.mapfish.print:print-lib | maven: org.mapfish.print:print-servlet

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

• Read the official source
• CVE Record
• NVD

Related advisories