CVE-2026-20757
Received Received - Intake
Improper Locking in Gallagher Command Centre Causes DoS

Publication date: 2026-03-03

Last updated on: 2026-03-03

Assigner: Gallagher Group Ltd.

Description
Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976(MR1), 9.30 prior to vEL9.30.3382 (MR4), 9.20 prior to vEL9.20.3783 (MR6), 9.10 prior to vEL9.10.4647 (MR9), all versions of 9.00 and prior.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-03
Last Modified
2026-03-03
Generated
2026-06-16
AI Q&A
2026-03-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-20757
EUVD
EUVD-2026-9275
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gallagher command_centre_server to vEL9.10.4647|end_excluding=9.00 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-20757 is an Improper Locking vulnerability (CWE-667) found in the Gallagher Morpho integration module of the Gallagher Command Centre Server. It allows a privileged operator to cause a limited denial-of-service (DoS) condition on the Command Centre Server.

This issue affects specific versions of the Command Centre Server prior to certain patch levels, and only impacts sites licensed to use the Gallagher Morpho integration.

Impact Analysis

The vulnerability can allow a privileged operator to induce a limited denial-of-service (DoS) condition on the Gallagher Command Centre Server. This means that the server may become temporarily unavailable or unresponsive, potentially disrupting normal operations.

However, the impact is limited and the vulnerability is rated as low severity with no known active exploitation at the time of the advisory.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, ensure that your Gallagher Command Centre Server is updated to a fixed version beyond the affected releases.

  • Upgrade to version vEL9.40.1976 (MR1) or later if you are running 9.40.
  • Upgrade to version vEL9.30.3382 (MR4) or later if you are running 9.30.
  • Upgrade to version vEL9.20.3783 (MR6) or later if you are running 9.20.
  • Upgrade to version vEL9.10.4647 (MR9) or later if you are running 9.10.
  • If running version 9.00 or earlier, upgrade to a supported fixed version.

Additionally, restrict privileged operator access to trusted personnel only, as the vulnerability requires privileged operator permissions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20757. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart