CVE-2026-40412
published 2026-05-22
CVE-2026-40412: Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
Priority P266 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.53% (41.0th percentile)
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_orbital_spatio | — | — |
CVSS provenance
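| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| cvelistv5 | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |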
GHSA
GHSA-46m7-mpp9-r4v3: Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network
ghsa_unreviewed·2026-05-26
CVE-2026-40412 [CRITICAL] CWE-434 GHSA-46m7-mpp9-r4v3: Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
VulDB
Microsoft Azure Orbital Spatio unrestricted upload
vuldb·2026-05-23
CVE-2026-40412 Microsoft Azure Orbital Spatio unrestricted upload
A vulnerability, which was classified as critical, was found in Microsoft Azure Orbital Spatio. This affects an unknown part. Executing a manipulation can lead to unrestricted upload.
This vulnerability is registered as CVE-2026-40412. It is possible to launch the attack remotely. No exploit is available.
This product is provided as a managed service, meaning users do not have the ability to maintain vulnerability countermeasures themselves.
CVEList
Azure Orbital Spatio Remote Code Execution Vulnerability
cvelistv5·2026-05-22·CVSS 10.0
CVE-2026-40412 [CRITICAL] CWE-434 Azure Orbital Spatio Remote Code Execution Vulnerability
Azure Orbital Spatio Remote Code Execution Vulnerability
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-22
Published