Skip to main content

Genetec Security Center

3 CVEs product

Monthly

CVE-2026-55727 HIGH PATCH This Week

Unauthenticated video stream access in Genetec Security Center 5.14.0.0 (builds prior to 5.14.178.18) lets remote attackers pull live video feeds by exploiting a flaw in the authentication mechanism that guards video stream requests. Because the CVSS vector is AV:N/PR:N/UI:N, no credentials or user interaction are needed, and the CWE-287 root cause means the stream endpoint fails to properly verify the requester's identity. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and no EPSS score was provided.

Authentication Bypass Genetec Security Center
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-40619 HIGH This Week

Local credential exposure in Genetec Security Center main server installations allows an attacker with local OS privileges on the main server host to retrieve Server Admin credentials, enabling escalation to full Security Center administrative control. The flaw is tied to specific vulnerable installer builds rather than version numbers, meaning hosts running 5.10.4.0, 5.11.3.0, 5.12.2.0 or 5.13.3.0 may or may not be vulnerable depending on the installation package hash. No public exploit identified at time of analysis and no evidence of active exploitation per the vendor advisory.

Information Disclosure Genetec Security Center
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27768 MEDIUM PATCH This Month

SQL injection in Genetec Security Center's Access Manager role enables a remote attacker with high privileges to achieve full confidentiality, integrity, and availability impact against the underlying database. The vulnerability spans multiple major release branches (5.9 through 5.13) of this widely deployed physical security management platform, covering access control, video surveillance, and license plate recognition environments. Vendor-released patches are confirmed available for the 5.12 and 5.13 branches; no public exploit has been identified at time of analysis and SSVC assessment confirms no current exploitation activity.

SQLi Genetec Security Center
NVD VulDB
CVSS 3.1
6.6
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated video stream access in Genetec Security Center 5.14.0.0 (builds prior to 5.14.178.18) lets remote attackers pull live video feeds by exploiting a flaw in the authentication mechanism that guards video stream requests. Because the CVSS vector is AV:N/PR:N/UI:N, no credentials or user interaction are needed, and the CWE-287 root cause means the stream endpoint fails to properly verify the requester's identity. There is no public exploit identified at time of analysis, it is not listed in CISA KEV, and no EPSS score was provided.

Authentication Bypass Genetec Security Center
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local credential exposure in Genetec Security Center main server installations allows an attacker with local OS privileges on the main server host to retrieve Server Admin credentials, enabling escalation to full Security Center administrative control. The flaw is tied to specific vulnerable installer builds rather than version numbers, meaning hosts running 5.10.4.0, 5.11.3.0, 5.12.2.0 or 5.13.3.0 may or may not be vulnerable depending on the installation package hash. No public exploit identified at time of analysis and no evidence of active exploitation per the vendor advisory.

Information Disclosure Genetec Security Center
NVD VulDB
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

SQL injection in Genetec Security Center's Access Manager role enables a remote attacker with high privileges to achieve full confidentiality, integrity, and availability impact against the underlying database. The vulnerability spans multiple major release branches (5.9 through 5.13) of this widely deployed physical security management platform, covering access control, video surveillance, and license plate recognition environments. Vendor-released patches are confirmed available for the 5.12 and 5.13 branches; no public exploit has been identified at time of analysis and SSVC assessment confirms no current exploitation activity.

SQLi Genetec Security Center
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy