FKIE_CVE-2026-20801

Vulnerability from fkie_nvd - Published: 2026-03-03 03:15 - Updated: 2026-03-03 21:52
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.
References
disclosures@gallagher.comhttps://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-20801
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cleartext Transmission of Sensitive Information (CWE-319) in\u00a0a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations\u00a0allows unprivileged users with local network access to view live video streams. \n\n \n\nThis issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025."
    },
    {
      "lang": "es",
      "value": "Transmisi\u00f3n en texto claro de informaci\u00f3n sensible (CWE-319) en un componente utilizado en las integraciones de Gallagher Hanwha VMS y Gallagher NxWitness VMS permite a usuarios sin privilegios con acceso a la red local visualizar transmisiones de video en vivo.\n\nEste problema afecta a todas las versiones de la integraci\u00f3n de Gallagher NxWitness VMS anterior a la 9.10.017 y a la integraci\u00f3n de Gallagher Hanwha VMS anterior a la 9.10.025."
    }
  ],
  "id": "CVE-2026-20801",
  "lastModified": "2026-03-03T21:52:29.877",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.4,
        "source": "disclosures@gallagher.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-03T03:15:54.540",
  "references": [
    {
      "source": "disclosures@gallagher.com",
      "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-20801"
    }
  ],
  "sourceIdentifier": "disclosures@gallagher.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "disclosures@gallagher.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.