Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable.
AnalysisAI
DLL injection in GatewayGeo MapServer for Windows version 5 enables authenticated local attackers to escalate privileges to SYSTEM level through crafted executable placement. The vulnerability exploits insecure library loading paths, allowing low-privileged users to inject malicious DLLs that execute with elevated permissions. Publicly available exploit code exists. Affects Windows deployments only; CVSS 8.8 reflects local attack vector requiring low privileges but achieving full system compromise across security boundaries.
Technical ContextAI
CWE-427 uncontrolled search path element vulnerability. MapServer 5 for Windows fails to validate DLL load locations, enabling authenticated users to place malicious libraries in predictable search paths. Application loads attacker-controlled DLLs during execution, inheriting elevated process context and bypassing privilege boundaries.
RemediationAI
No vendor-released patch identified at time of analysis. Primary mitigation: restrict write permissions on application directories and system PATH locations to prevent unauthorized DLL placement by low-privileged accounts. Implement application whitelisting to block execution of unauthorized binaries in MapServer directories. Configure Windows to enforce Safe DLL Search Mode via registry. Monitor for suspicious DLL loads using Sysmon Event ID 7. Consider migrating to current MapServer 8.x branch if compatible, as version 5 represents legacy software unlikely to receive security updates. Vendor advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-30478. Organizations unable to apply controls should evaluate decommissioning MapServer 5 due to exploit code availability and absence of patching timeline.
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-20960
GHSA-9vwp-gfwx-69j2