CVE-2026-20801

MEDIUM

Gallagher VMS - Info Disclosure

Title source: llm

Description

Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.

References (1)

[Various Sources] https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-20801

Scores

CVSS v3 5.6

EPSS 0.0002

EPSS Percentile 5.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-319

Status draft

Timeline

Published Mar 03, 2026

Tracked Since Mar 03, 2026