CVE-2026-20801

MEDIUM

Gallagher VMS - Info Disclosure

Title source: llm

Description

Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.

References (1)

[Various Sources] https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-20801

Scores

CVSS v3 5.6

EPSS 0.0002

EPSS Percentile 6.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-319

Status published

Products (2)

Gallagher/NxWitness VMS and Hanwha VMS Integrations < 9.10.017

Gallagher/NxWitness VMS and Hanwha VMS Integrations < 9.10.025

Published Mar 03, 2026

Tracked Since Mar 03, 2026