CVE-2026-20801

MEDIUM 5.6

CVSS Score

5.6

EPSS Score

0.0%

EPSS Percentile

0th

Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.

CWE	CWE-319
Vendor	gallagher
Product	nxwitness vms and hanwha vms integrations
Published	Mar 3, 2026
Last Updated	Mar 3, 2026

Stay Ahead of the Next One

Get instant alerts for gallagher nxwitness vms and hanwha vms integrations

Be the first to know when new medium vulnerabilities affecting gallagher nxwitness vms and hanwha vms integrations are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected Versions

Gallagher / NxWitness VMS and Hanwha VMS Integrations

0 < 9.10.017 0 < 9.10.025

References

NVD ↗ CVE.org ↗ EPSS Data ↗

security.gallagher.com: https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-20801