High severity · NVD Advisory · Published Feb 26, 2026 · Updated Feb 26, 2026
TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist
CVE-2026-27818
Description
TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. Version 4.0.3 fixes the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| terriajs-server (npm) | < 4.0.3 | 4.0.3 |
Affected products
- Range: < 4.0.3
References
- github.com/advisories/GHSA-w789-49fc-v8hr (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-27818 (ghsa; ADVISORY)
- github.com/TerriaJS/terriajs-server/commit/3aaa5d9717162b245ae4569232bbe7d8673c913f (ghsa; x_refsource_MISC; WEB)
- github.com/TerriaJS/terriajs-server/releases/tag/4.0.3 (ghsa; WEB)
- github.com/TerriaJS/terriajs-server/security/advisories/GHSA-w789-49fc-v8hr (ghsa; x_refsource_CONFIRM; WEB)