CVE-2026-0522
Awaiting Analysis Awaiting Analysis - Queue
Local File Inclusion in VertiGIS FM Enables Remote Code Execution

Publication date: 2026-04-01

Last updated on: 2026-04-07

Assigner: Switzerland Government Common Vulnerability Program

Description
A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled path is returned. Due to the application's ASP.NET architecture, this could potentially lead to remote code execution when the "web.config" file is obtained. Furthermore, the application resolves UNC paths which may enable NTLM-relaying attacks. This issue affects VertiGIS FM: 10.5.00119 (0d29d428).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-01
Last Modified
2026-04-07
Generated
2026-06-16
AI Q&A
2026-04-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-0522
EUVD
EUVD-2026-17877
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
vertigis fm 10.11.363
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-610 The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a local file inclusion issue in the VertiGIS FM application, specifically in its upload and download process. Authenticated attackers can manipulate the file path during upload to read arbitrary files from the server when those files are later downloaded.

Because the application is built on ASP.NET, obtaining sensitive files like "web.config" could potentially allow attackers to execute remote code on the server.

Additionally, the application resolves UNC paths, which may enable NTLM-relaying attacks, further increasing the risk.

Impact Analysis

This vulnerability can have serious impacts including unauthorized access to sensitive files on the server.

If attackers obtain critical configuration files like "web.config", they might execute remote code, potentially taking control of the server.

The ability to perform NTLM-relaying attacks could allow attackers to impersonate users and escalate privileges within the network.

Compliance Impact

The vulnerability allows authenticated attackers to read arbitrary files from the server by manipulating file paths during upload and download processes. This can lead to unauthorized access to sensitive data stored on the server.

Such unauthorized access to sensitive information could result in violations of data protection regulations and standards like GDPR and HIPAA, which require strict controls over access to personal and protected health information.

Additionally, the potential for remote code execution and NTLM-relaying attacks increases the risk of further compromise, which could exacerbate non-compliance issues related to system integrity and data confidentiality.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0522. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart