CVE-2026-1241
Authentication Bypass in Pelco Sarix Cameras Enables Unauthorized Video Access
Publication date: 2026-02-26
Last updated on: 2026-02-26
Assigner: ICS-CERT
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pelco_inc | sarix_professional_3_series_cameras | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized viewing of live video streams, which poses privacy concerns and operational risks for organizations using these cameras.
It may also expose operators to regulatory and compliance challenges.
Can you explain this vulnerability to me?
The Pelco, Inc. Sarix Professional 3 Series Cameras have a vulnerability in their web management interface that allows authentication bypass. This means that due to insufficient enforcement of access controls, some functions of the camera can be accessed without proper authentication.
As a result, unauthorized users may be able to view live video streams without permission.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability may expose operators to regulatory and compliance challenges, implying that it could negatively impact compliance with standards and regulations such as GDPR and HIPAA by potentially allowing unauthorized access to sensitive video data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know