CVE-2026-20801
Severity: Medium CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Components affected: Gallagher NxWitness VMS and Gallagher Hanwha VMS integrations
Version of Command Centre affected: All versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.
Reported by: Gallagher Internal
Active exploitation of vulnerability*: None
Description of vulnerability: Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams.
Mitigating factor: Only sites making use of Gallagher Hanwha VMS integration or Gallagher NxWitness VMS integration are affected.
*This indicates whether Gallagher are aware of this being actively exploited against customer sites at the time of publication.
Stay up to date with Gallagher
Get the latest Gallagher news, updates, and event information delivered straight to your inbox.