Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
PR:H confirmed by 'authenticated and authorized operator' requirement; A:L reflects temporary reader restart with no data impact.
Primary rating from Vendor (Gallagher).
CVSS VectorVendor: Gallagher
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
Uncaught Exception (CWE-248) in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected:
- 9.50 prior to vCR9.50.260616a (distributed in 9.50.1587(MR1))
- 9.40 prior to vCR9.40.260616a (distributed in 9.40.3130(MR3))
- 9.30 prior to vCR9.30.260616a (distributed in 9.30.3983(MR5))
- 9.20 prior to vCR9.20.260616a (distributed in 9.20.4349(MR7))
- all versions of 9.10 and prior.
AnalysisAI
Gallagher Command Centre's T20 Readers component crashes and restarts when an authenticated, high-privilege operator sends specific crafted requests, causing a temporary denial of service. Exploitation requires existing operator-level credentials and authorization - this cannot be triggered by unauthenticated or low-privilege users. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an account that is both authenticated to Gallagher Command Centre and explicitly authorized to interact with T20 Reader devices - the CVSS PR:H metric confirms high-privilege access is mandatory. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The aggregate risk signal here is uniformly low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An operator with valid Command Centre credentials and authorization to manage T20 Readers sends a specifically crafted request to the reader subsystem. The request triggers an unhandled exception in the T20 Reader process, causing it to terminate and restart, briefly interrupting physical access control operations at any door or gate using that reader. … |
| Remediation | Vendor-released patches are available for supported branches: upgrade Command Centre to 9.50.1587 (MR1), 9.40.3130 (MR3), 9.30.3983 (MR5), or 9.20.4349 (MR7) as appropriate for your deployment, containing build vCR9.x0.260616a for the respective branch. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-248 – Uncaught Exception
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42001
GHSA-56pq-38g7-f784