Skip to main content

Microsoft CVE-2026-30478

| EUVDEUVD-2026-20960 HIGH
Uncontrolled Search Path Element (CWE-427)
2026-04-09 mitre GHSA-9vwp-gfwx-69j2
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 09, 2026 - 17:45 euvd
EUVD-2026-20960
Analysis Generated
Apr 09, 2026 - 17:45 vuln.today
CVE Published
Apr 09, 2026 - 00:00 nvd
HIGH 8.8

DescriptionCVE.org

A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable.

AnalysisAI

DLL injection in GatewayGeo MapServer for Windows version 5 enables authenticated local attackers to escalate privileges to SYSTEM level through crafted executable placement. The vulnerability exploits insecure library loading paths, allowing low-privileged users to inject malicious DLLs that execute with elevated permissions. Publicly available exploit code exists. Affects Windows deployments only; CVSS 8.8 reflects local attack vector requiring low privileges but achieving full system compromise across security boundaries.

Technical ContextAI

CWE-427 uncontrolled search path element vulnerability. MapServer 5 for Windows fails to validate DLL load locations, enabling authenticated users to place malicious libraries in predictable search paths. Application loads attacker-controlled DLLs during execution, inheriting elevated process context and bypassing privilege boundaries.

RemediationAI

No vendor-released patch identified at time of analysis. Primary mitigation: restrict write permissions on application directories and system PATH locations to prevent unauthorized DLL placement by low-privileged accounts. Implement application whitelisting to block execution of unauthorized binaries in MapServer directories. Configure Windows to enforce Safe DLL Search Mode via registry. Monitor for suspicious DLL loads using Sysmon Event ID 7. Consider migrating to current MapServer 8.x branch if compatible, as version 5 represents legacy software unlikely to receive security updates. Vendor advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-30478. Organizations unable to apply controls should evaluate decommissioning MapServer 5 due to exploit code availability and absence of patching timeline.

Share

CVE-2026-30478 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy