CVE-2026-0522 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subsequently downloaded, the file in the attacker controlled path is returned. Due to the application's ASP.NET architecture, this could potentially lead to remote code execution when the "web.config" file is obtained. Furthermore, the application resolves UNC paths which may enable NTLM-relaying attacks. This issue affects VertiGIS FM: 10.5.00119 (0d29d428).

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Vertigis	Fm	10.11.363

Related Weaknesses (CWE)

CWE-610

References

https://support.vertigis.com/hc/en-us/articles/31214433137042-Security-VulnerabiVendor Advisory
https://www.redguard.ch/blog/2026/04/01/advisory-vertigis-vertigisfm/Third Party AdvisoryExploit

FAQ

What is CVE-2026-0522?

CVE-2026-0522 is a vulnerability with a CVSS score of 8.8 (HIGH). A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path dur...

How severe is CVE-2026-0522?

CVE-2026-0522 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-0522?

Check the references section above for vendor advisories and patch information. Affected products include: Vertigis Fm.