CVE-2026-8598

CRITICAL 9.1

Unauthenticated Export Service in ZKTeco CCTV Cameras

CVSS Score

9.1

EPSS Score

0.0%

EPSS Percentile

0th

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.

CWE	CWE-288
Vendor	zkteco
Product	ssc335-gc2063-face-0b77 solution camera
Published	May 20, 2026
Last Updated	May 20, 2026

Stay Ahead of the Next One

Get instant alerts for zkteco ssc335-gc2063-face-0b77 solution camera

Be the first to know when new critical vulnerabilities affecting zkteco ssc335-gc2063-face-0b77 solution camera are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Affected Versions

ZKTeco / SSC335-GC2063-Face-0b77 Solution Camera

0 < V5.0.1.2.20260421

References

NVD ↗ CVE.org ↗ EPSS Data ↗

zkteco.com: https://www.zkteco.com/en/announcement/23 cisa.gov: https://www.cisa.gov/news-events/ics-advisories/icsa-26-139-04 github.com: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-04.json

Credits

Souvik Kandar reported this vulnerability to CISA.