Skip to main content

Command Centre EUVDEUVD-2026-42001

| CVE-2026-27790 LOW
Uncaught Exception (CWE-248)
2026-07-07 Gallagher GHSA-56pq-38g7-f784
2.7
CVSS 3.1 · Vendor: Gallagher

Severity by source

Vendor (Gallagher) PRIMARY
2.7 LOW
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
vuln.today AI
2.7 LOW

PR:H confirmed by 'authenticated and authorized operator' requirement; A:L reflects temporary reader restart with no data impact.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Gallagher).

CVSS VectorVendor: Gallagher

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jul 07, 2026 - 05:19 vuln.today

DescriptionCVE.org

Uncaught Exception (CWE-248) in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected:

  • 9.50 prior to vCR9.50.260616a (distributed in 9.50.1587(MR1))
  • 9.40 prior to vCR9.40.260616a (distributed in 9.40.3130(MR3))
  • 9.30 prior to vCR9.30.260616a (distributed in 9.30.3983(MR5))
  • 9.20 prior to vCR9.20.260616a (distributed in 9.20.4349(MR7))
  • all versions of 9.10 and prior.

AnalysisAI

Gallagher Command Centre's T20 Readers component crashes and restarts when an authenticated, high-privilege operator sends specific crafted requests, causing a temporary denial of service. Exploitation requires existing operator-level credentials and authorization - this cannot be triggered by unauthenticated or low-privilege users. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain authorized operator credentials
Delivery
Authenticate to Command Centre
Exploit
Send crafted request to T20 Reader component
Execution
Trigger uncaught exception
Persist
Reader process restarts
Impact
Temporary access control disruption

Vulnerability AssessmentAI

Exploitation Exploitation requires an account that is both authenticated to Gallagher Command Centre and explicitly authorized to interact with T20 Reader devices - the CVSS PR:H metric confirms high-privilege access is mandatory. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The aggregate risk signal here is uniformly low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An operator with valid Command Centre credentials and authorization to manage T20 Readers sends a specifically crafted request to the reader subsystem. The request triggers an unhandled exception in the T20 Reader process, causing it to terminate and restart, briefly interrupting physical access control operations at any door or gate using that reader. …
Remediation Vendor-released patches are available for supported branches: upgrade Command Centre to 9.50.1587 (MR1), 9.40.3130 (MR3), 9.30.3983 (MR5), or 9.20.4349 (MR7) as appropriate for your deployment, containing build vCR9.x0.260616a for the respective branch. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42001 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy