Vulnerability in Vertigis Fm

CVE-2026-0522

A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path during its upload. When the file is subseq…

EPSS: 0.004 (57.7th percentile) — read the EPSS interpretation.

Affected products

Vertigis Fm — versions 0

Weakness classification (CWE)

CWE-610 — Externally Controlled Reference to a Resource in Another Sphere

References

www.redguard.ch/blog/2026/04/01/advisory-vertigis-vertigisfm/ (third-party-advisory, technical-description)
support.vertigis.com/hc/en-us/articles/31214433137042-Security-Vulnerability-Ve… (vendor-advisory)