Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for XProtect Management Server by Milestone Systems

    CVE-2026-3014 (GCVE-0-2026-3014)

    Vulnerability from nvd – Published: 2026-07-14 09:45 – Updated: 2026-07-15 13:03
    VLAI
    Title
    Remote Code Execution by administrative user on the Management Server
    Summary
    Milestone has released a new version of XProtect® (and several cumulative patch updates) which fix security vulnerability in Management Server API.  The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server Service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Milestone Systems XProtect Management Server Affected: 0 , ≤ 25.3 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3014",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T12:08:38.312691Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T12:08:51.992Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "XProtect Management Server",
              "vendor": "Milestone Systems",
              "versions": [
                {
                  "lessThanOrEqual": "25.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMilestone\nhas released a new version of XProtect\u00ae (and several cumulative patch updates)\nwhich fix security vulnerability in Management Server API.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe vulnerability\ncauses users with edit permissions to the Management Server to be able to\nexecute arbitrary code in context of the Management Server Service.\u003c/p\u003e"
                }
              ],
              "value": "Milestone\nhas released a new version of XProtect\u00ae (and several cumulative patch updates)\nwhich fix security vulnerability in Management Server API.\u00a0\n\n\n\nThe vulnerability\ncauses users with edit permissions to the Management Server to be able to\nexecute arbitrary code in context of the Management Server Service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T13:03:26.151Z",
            "orgId": "cf45122d-9d50-442a-9b23-e05cde9943d8",
            "shortName": "Milestone"
          },
          "references": [
            {
              "tags": [
                "permissions-required"
              ],
              "url": "https://support.milestonesys.com/article/CVE-2026-3014-potential-remote-code-execution-by-admin-user-on-Management-Server"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://doc.milestonesys.com/en-US/bundle/sec1504_latest/page/milestone_security_advisory_CVE-2026-3014_potential_remote_code_execution_by_admin_user_on_Management_Server.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTo\nmitigate the issue, we highly recommend upgrading to the latest version of\nXProtect VMS. For versions 2023 R3 \u2013 2025 R3, please use the\nprovided cumulative patches.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe affected components that need to be patched are\nXProtect Management Server, XProtect Recording Server and XProtect Management\nClient.\u003c/p\u003e"
                }
              ],
              "value": "To\nmitigate the issue, we highly recommend upgrading to the latest version of\nXProtect VMS. For versions 2023 R3 \u2013 2025 R3, please use the\nprovided cumulative patches.\u00a0\n\n\n\nThe affected components that need to be patched are\nXProtect Management Server, XProtect Recording Server and XProtect Management\nClient."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote Code Execution by administrative user on the Management Server",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf45122d-9d50-442a-9b23-e05cde9943d8",
        "assignerShortName": "Milestone",
        "cveId": "CVE-2026-3014",
        "datePublished": "2026-07-14T09:45:22.651Z",
        "dateReserved": "2026-02-23T09:28:18.635Z",
        "dateUpdated": "2026-07-15T13:03:26.151Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3014 (GCVE-0-2026-3014)

    Vulnerability from cvelistv5 – Published: 2026-07-14 09:45 – Updated: 2026-07-15 13:03
    VLAI
    Title
    Remote Code Execution by administrative user on the Management Server
    Summary
    Milestone has released a new version of XProtect® (and several cumulative patch updates) which fix security vulnerability in Management Server API.  The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server Service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Milestone Systems XProtect Management Server Affected: 0 , ≤ 25.3 (custom)
    Create a notification for this product.
    Date Public
    2026-07-14 10:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3014",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T12:08:38.312691Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T12:08:51.992Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "XProtect Management Server",
              "vendor": "Milestone Systems",
              "versions": [
                {
                  "lessThanOrEqual": "25.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2026-07-14T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eMilestone\nhas released a new version of XProtect\u00ae (and several cumulative patch updates)\nwhich fix security vulnerability in Management Server API.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe vulnerability\ncauses users with edit permissions to the Management Server to be able to\nexecute arbitrary code in context of the Management Server Service.\u003c/p\u003e"
                }
              ],
              "value": "Milestone\nhas released a new version of XProtect\u00ae (and several cumulative patch updates)\nwhich fix security vulnerability in Management Server API.\u00a0\n\n\n\nThe vulnerability\ncauses users with edit permissions to the Management Server to be able to\nexecute arbitrary code in context of the Management Server Service."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T13:03:26.151Z",
            "orgId": "cf45122d-9d50-442a-9b23-e05cde9943d8",
            "shortName": "Milestone"
          },
          "references": [
            {
              "tags": [
                "permissions-required"
              ],
              "url": "https://support.milestonesys.com/article/CVE-2026-3014-potential-remote-code-execution-by-admin-user-on-Management-Server"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://doc.milestonesys.com/en-US/bundle/sec1504_latest/page/milestone_security_advisory_CVE-2026-3014_potential_remote_code_execution_by_admin_user_on_Management_Server.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eTo\nmitigate the issue, we highly recommend upgrading to the latest version of\nXProtect VMS. For versions 2023 R3 \u2013 2025 R3, please use the\nprovided cumulative patches.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe affected components that need to be patched are\nXProtect Management Server, XProtect Recording Server and XProtect Management\nClient.\u003c/p\u003e"
                }
              ],
              "value": "To\nmitigate the issue, we highly recommend upgrading to the latest version of\nXProtect VMS. For versions 2023 R3 \u2013 2025 R3, please use the\nprovided cumulative patches.\u00a0\n\n\n\nThe affected components that need to be patched are\nXProtect Management Server, XProtect Recording Server and XProtect Management\nClient."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote Code Execution by administrative user on the Management Server",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf45122d-9d50-442a-9b23-e05cde9943d8",
        "assignerShortName": "Milestone",
        "cveId": "CVE-2026-3014",
        "datePublished": "2026-07-14T09:45:22.651Z",
        "dateReserved": "2026-02-23T09:28:18.635Z",
        "dateUpdated": "2026-07-15T13:03:26.151Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }