CVE-2026-29114

LOW

Dahua Ipc - Insertion of Sensitive Information into Externally-Accessible File or Directory

Title source: rule

Description

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain.

References (1)

Core 1

Core References

https://www.dahuasecurity.com/about-dahua/trust-center/dahua-psirt/dhcc-sa-202606-001:-security-advisory-%E2%80%93-vulnerabilities-found-in-some-dahua-products

Scores

CVSS v4 2.3

EPSS 0.0017

EPSS Percentile 6.2%

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-538

Status published

Products (1)

Dahua/IPC Some IPC models are affected, specifically those with a build date before April 15, 2026.

Published Jun 10, 2026

Tracked Since Jun 10, 2026