Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2026-40412: Azure Orbital Spatio Unrestricted File Upload

CVE-2026-40412

Summary

An attacker can upload malicious files to Azure Orbital Spatio, potentially allowing them to execute code remotely. This can lead to unauthorized access and control of the system. To mitigate this risk, ensure that Azure Orbital Spatio's file upload functionality is properly configured and restricted.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions
microsoft	azure_orbital_spatio	All versions `cpe:2.3:a:microsoft:azure_orbital_spatio:-:::::::*`

Original title

Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.

Original description

Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.

nvd CVSS3.1 10.0

Vulnerability type

CWE-434 Unrestricted File Upload

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40412

Published: 22 May 2026 · Updated: 28 May 2026 · First seen: 26 May 2026