CVE-2026-1241
Received Received - Intake
Authentication Bypass in Pelco Sarix Cameras Enables Unauthorized Video Access

Publication date: 2026-02-26

Last updated on: 2026-02-26

Assigner: ICS-CERT

Description
The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-26
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-1241
EUVD
EUVD-2026-8874
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pelco_inc sarix_professional_3_series_cameras *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The Pelco, Inc. Sarix Professional 3 Series Cameras have a vulnerability in their web management interface that allows authentication bypass. This means that due to insufficient enforcement of access controls, some functions of the camera can be accessed without proper authentication.

As a result, unauthorized users may be able to view live video streams without permission.

Impact Analysis

This vulnerability can lead to unauthorized viewing of live video streams, which poses privacy concerns and operational risks for organizations using these cameras.

It may also expose operators to regulatory and compliance challenges.

Compliance Impact

The vulnerability may expose operators to regulatory and compliance challenges, implying that it could negatively impact compliance with standards and regulations such as GDPR and HIPAA by potentially allowing unauthorized access to sensitive video data.

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-1241. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart