CVE-2026-20757
Received Received - Intake
Improper Locking in Gallagher Command Centre Causes DoS

Publication date: 2026-03-03

Last updated on: 2026-03-03

Assigner: Gallagher Group Ltd.

Description
Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976(MR1), 9.30 prior to vEL9.30.3382 (MR4), 9.20 prior to vEL9.20.3783 (MR6), 9.10 prior to vEL9.10.4647 (MR9), all versions of 9.00 and prior.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-03
Last Modified
2026-03-03
Generated
2026-05-07
AI Q&A
2026-03-03
EPSS Evaluated
2026-05-05
NVD
CVE-2026-20757
EUVD
EUVD-2026-9275
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gallagher command_centre_server to vEL9.10.4647|end_excluding=9.00 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-20757 is an Improper Locking vulnerability (CWE-667) found in the Gallagher Morpho integration module of the Gallagher Command Centre Server. It allows a privileged operator to cause a limited denial-of-service (DoS) condition on the Command Centre Server.

This issue affects specific versions of the Command Centre Server prior to certain patch levels, and only impacts sites licensed to use the Gallagher Morpho integration.


How can this vulnerability impact me? :

The vulnerability can allow a privileged operator to induce a limited denial-of-service (DoS) condition on the Gallagher Command Centre Server. This means that the server may become temporarily unavailable or unresponsive, potentially disrupting normal operations.

However, the impact is limited and the vulnerability is rated as low severity with no known active exploitation at the time of the advisory.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that your Gallagher Command Centre Server is updated to a fixed version beyond the affected releases.

  • Upgrade to version vEL9.40.1976 (MR1) or later if you are running 9.40.
  • Upgrade to version vEL9.30.3382 (MR4) or later if you are running 9.30.
  • Upgrade to version vEL9.20.3783 (MR6) or later if you are running 9.20.
  • Upgrade to version vEL9.10.4647 (MR9) or later if you are running 9.10.
  • If running version 9.00 or earlier, upgrade to a supported fixed version.

Additionally, restrict privileged operator access to trusted personnel only, as the vulnerability requires privileged operator permissions.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart