Fedora 42 qgis Important Remote Code Exec Vuln 2026-24480
fedora
March 16, 2026
Update to qgis-3.44.8.
Summary
Geographic Information System (GIS) manages, analyzes, and displays
databases of geographic information. QGIS supports shape file
viewing and editing, spatial data storage with PostgreSQL/PostGIS, projection
on-the-fly, map composition, and a number of other features via a plugin
interface. QGIS also supports display of various geo-referenced raster and
Digital Elevation Model (DEM) formats including GeoTIFF, Arc/Info ASCII Grid,
and USGS ASCII DEM.
Update Information:
Update to qgis-3.44.8.
Topics Covered
Change Log
* Fri Mar 6 2026 Sandro Mani
References
[ 1 ] Bug #2433154 - CVE-2026-24480 qgis: QGIS GitHub Actions workflow: Remote Code Execution and repository compromise via insecure `pull_request_target` configuration [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2433154 [ 2 ] Bug #2433156 - CVE-2026-24480 qgis: QGIS GitHub Actions workflow: Remote Code Execution and repository compromise via insecure `pull_request_target` configuration [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2433156
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-cd6e404295' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Name: qgis
Product: Fedora 42
Version: 3.44.8
Release: 1.fc42
URL: http://www.qgis.org
Summary: A user friendly Open Source Geographic Information System
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!