Skip to main content

GeoVision GV-VMS EUVD-2026-26861

| CVE-2026-42370 CRITICAL
Out-of-bounds Write (CWE-787)
2026-05-04 GV
RCE Buffer Overflow Memory Corruption
9.0
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 04, 2026 - 01:47 vuln.today
EUVD ID Assigned
May 04, 2026 - 01:15 euvd
EUVD-2026-26861
Analysis Generated
May 04, 2026 - 01:15 vuln.today
CVE Published
May 04, 2026 - 00:48 nvd
CRITICAL 9.0

DescriptionNVD

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

AnalysisAI

Stack buffer overflow in GeoVision GV-VMS V20 20.0.2 WebCam Server Login functionality enables remote unauthenticated code execution via crafted HTTP requests. CVSS 9.0 with scope change reflects potential for full system compromise beyond the vulnerable component. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

24 hours: Inventory all GeoVision GV-VMS V20 20.0.2 instances across the organization and isolate affected systems from untrusted networks. 7 days: Contact GeoVision for patch availability status and interim build updates; implement network segmentation restricting WebCam Server access to administratively-controlled subnets only. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-26861 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy