Buffer overflow in GeoWebPlayer - CVE-2026-57274
Published: July 2, 2026
GeoWebPlayer
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Websocket Server connectInfo handler functionality in password field when no key variable is provided. A remote attacker can can use a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.