CVE-2026-4606
GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege
GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.ย During installation, ERM creates a Windows service that runs under the LocalSystem account.ย When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.ย Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.ย Any ERM function invoking Windows file open/save dialogs exposes the same risk.ย This vulnerability allows local privilege escalation and may result in full system compromise.
| CWE | CWE-250 |
| Vendor | geovision |
| Product | gv-edge recording manager |
| Published | Mar 23, 2026 |
| Last Updated | Mar 24, 2026 |
Get instant alerts for geovision gv-edge recording manager
Be the first to know when new unknown vulnerabilities affecting geovision gv-edge recording manager are published โ delivered to Slack, Telegram or Discord.