Skip to main content

GeoVision GV-VMS EUVDEUVD-2026-26861

| CVE-2026-42370 CRITICAL
Out-of-bounds Write (CWE-787)
2026-05-04 GV
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Unauthenticated single HTTP request over the network triggers stack overflow RCE in a service process, giving full host compromise - AV:N/AC:L/PR:N/UI:N with C/I/A:H, scope unchanged.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

8
Analysis Updated
Jun 15, 2026 - 21:28 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 15, 2026 - 21:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 15, 2026 - 21:22 vuln.today
cvss_changed
CVSS changed
Jun 15, 2026 - 21:22 NVD
9.0 (CRITICAL) 9.8 (CRITICAL)
Analysis Generated
May 04, 2026 - 01:47 vuln.today
EUVD ID Assigned
May 04, 2026 - 01:15 euvd
EUVD-2026-26861
Analysis Generated
May 04, 2026 - 01:15 vuln.today
CVE Published
May 04, 2026 - 00:48 nvd
CRITICAL 9.0

DescriptionNVD

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

AnalysisAI

Remote code execution in GeoVision GV-VMS V20 (version 20.0.2) allows unauthenticated attackers to corrupt stack memory via a crafted HTTP request to the WebCam Server Login functionality, leading to arbitrary code execution on the video management system. The flaw is a CWE-787 out-of-bounds write (stack buffer overflow) carrying a CVSS 9.8 score, and no public exploit identified at time of analysis, though Talos has published a vulnerability report (TALOS-2026-2369). EPSS is currently low at 0.12%, but the unauthenticated network attack surface on a video surveillance product makes this a high-priority patching target.

Technical ContextAI

GeoVision GV-VMS is a Windows-based Video Management System used to aggregate, view, and record streams from IP cameras and DVRs in commercial and industrial surveillance deployments (CPE: cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2). The vulnerability sits in the WebCam Server component's Login handler, which exposes an HTTP interface intended for remote camera/operator access. CWE-787 (Out-of-bounds Write) on the stack typically indicates that an oversized or attacker-controlled length field in the login request is copied into a fixed-size stack buffer without bounds checking, overwriting the saved return address or adjacent control data and enabling hijack of execution flow - classic memory-corruption RCE territory on a native C/C++ server process.

RemediationAI

No vendor-released patch identified at time of analysis in the supplied data; consult the GeoVision security advisory page (https://www.geovision.com.tw/cyber_security.php) and the Talos report (https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2369) for a fixed build of GV-VMS V20, and upgrade once available. In the interim, restrict the WebCam Server HTTP interface to a management VLAN or VPN and block its listening port at the perimeter firewall so it is unreachable from untrusted networks (trade-off: legitimate remote camera operators must use the VPN); place the GV-VMS host behind a reverse proxy or WAF that enforces strict size limits on Login request fields to blunt the stack overflow (trade-off: may break overly long legitimate credentials and adds an inline failure point); and if the WebCam Server feature is not in use, disable it in the GV-VMS configuration to remove the vulnerable code path entirely (trade-off: loses remote browser-based camera viewing).

Share

EUVD-2026-26861 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy