Description
Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.
Published: 2026-05-22
Score: 10 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can upload a file of a dangerous type to Azure Orbital Spatio without restriction, enabling arbitrary code execution over the network. The flaw is the absence of validation or sanitization of uploaded content, which is the weakness class CWE-434 (Unrestricted Upload of File with Dangerous Type). Successful exploitation compromises the confidentiality, integrity, and availability of the affected system, because the attacker can run arbitrary code remotely.

Affected Systems

Microsoft Azure Orbital Spatio is the affected product. No specific version details are provided in the CVE entry.

Risk and Exploitability

The CVSS score is 10, indicating critical severity, and the issue is not listed in the CISA KEV catalog. Because no EPSS score is available, the exact likelihood of exploitation cannot be quantified, but the lack of upload restrictions suggests that an unauthorized attacker could trigger the exploit simply by uploading a malicious payload over the network.

Generated by OpenCVE AI on May 22, 2026 at 23:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Azure Orbital Spatio to the latest version that includes proper file‑type validation and sanitization
  • Configure the upload service to allow only whitelisted MIME types and enforce strict MIME type checks
  • Restrict upload access to authenticated users or trusted networks, applying network segmentation and access controls



Advisories

No advisories yet.

History

Fri, 22 May 2026 22:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. |
| Title | | Azure Orbital Spatio Remote Code Execution Vulnerability |
| First Time appeared | | Microsoft; Microsoft azure Orbital Spatio |
| Weaknesses | | CWE-434 |
| CPEs | | `cpe:2.3:a:microsoft:azure_orbital_spatio:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Microsoft; Microsoft azure Orbital Spatio |
| References | | |
| Metrics | | cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C'}` |


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-22T22:03:03.939Z

Reserved: 2026-04-13T00:27:50.798Z

Link: CVE-2026-40412

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-23T00:00:05Z

Weaknesses