{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30478", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-09T20:17:33.346Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-04-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-09T16:58:49.481Z"}, "descriptions": [{"lang": "en", "value": "A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://ms4w.com"}, {"url": "https://github.com/penjaminTester/Research/tree/main/CVE-2026-30478"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-427", "lang": "en", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T19:55:30.468724Z", "id": "CVE-2026-30478", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T20:17:33.346Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30478", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-09T19:55:30.468724Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "CWE-427 Uncontrolled Search Path Element"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T18:34:51.239Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://ms4w.com"}, {"url": "https://github.com/penjaminTester/Research/tree/main/CVE-2026-30478"}], "descriptions": [{"lang": "en", "value": "A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-09T16:58:49.481Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30478", "state": "PUBLISHED", "dateUpdated": "2026-04-09T20:17:33.346Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-09T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Dynamic-link Library Injection vulnerability in GatewayGeo MapServer for Windows version 5 allows attackers to escalate privileges via a crafted executable."}], "id": "CVE-2026-30478", "lastModified": "2026-04-13T15:02:27.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-09T18:16:58.847", "references": [{"source": "cve@mitre.org", "url": "https://github.com/penjaminTester/Research/tree/main/CVE-2026-30478"}, {"source": "cve@mitre.org", "url": "https://ms4w.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "5"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "mapserver", "vendor": "gatewaygeo"}], "analysis": {"en": {"generated_at": "2026-04-09T22:45:33.122689+00:00", "value": {"mitigation_remediation": ["Verify if a patch or update is available from the vendor and apply it immediately", "Restrict execution of the GatewayGeo MapServer binaries to trusted users only", "Disable or monitor the ability to execute external DLLs in the MapServer directory", "Use application whitelisting to block unauthorized executables", "Monitor system logs for unexpected DLL loading or privilege escalation activities"], "summary": {"action": "Assess Impact", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects GatewayGeo MapServer for Windows version 5. No vendor information is listed, and no other affected versions are specified.", "description_and_impact": "GatewayGeo MapServer for Windows 5 contains a Dynamic-link Library Injection flaw that enables an attacker to run a specially crafted executable, resulting in the execution of injected code with elevated privileges. The weakness is a classic case of improper handling of DLL loading, classed under CWE\u2011427. The impact is the potential compromise of all system resources and data on the host, allowing the attacker to modify, exfiltrate, or delete information, and to gain full control of the affected machine.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity risk, while the EPSS score is not available and the flaw is not listed in the CISA KEV catalog. The exploit requires an attacker to deliver a crafted executable to the target system; it is inferred that the attack vector is local privilege escalation, though a remote delivery path could exist if an attacker can compromise user execution. The lack of a publicly available patch increases the urgency for mitigation."}}}}, "created": "2026-04-10T08:53:58.728950+00:00", "title": "Dynamic-link Library Injection in GatewayGeo MapServer for Windows 5 Allows Privilege Escalation", "updated": "2026-04-10T09:33:08.695607+00:00", "vendors": ["gatewaygeo", "gatewaygeo$PRODUCT$mapserver"]}