CVE-2026-20757
Received Received - Intake

Improper Locking in Gallagher Command Centre Causes DoS

Vulnerability report for CVE-2026-20757, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-03

Last updated on: 2026-03-03

Assigner: Gallagher Group Ltd.

Description

Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976(MR1), 9.30 prior to vEL9.30.3382 (MR4), 9.20 prior to vEL9.20.3783 (MR6), 9.10 prior to vEL9.10.4647 (MR9), all versions of 9.00 and prior.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-03
Last Modified
2026-03-03
Generated
2026-07-06
AI Q&A
2026-03-03
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
gallagher command_centre_server to vEL9.10.4647|end_excluding=9.00 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-20757 is an Improper Locking vulnerability (CWE-667) found in the Gallagher Morpho integration module of the Gallagher Command Centre Server. It allows a privileged operator to cause a limited denial-of-service (DoS) condition on the Command Centre Server.

This issue affects specific versions of the Command Centre Server prior to certain patch levels, and only impacts sites licensed to use the Gallagher Morpho integration.

Impact Analysis

The vulnerability can allow a privileged operator to induce a limited denial-of-service (DoS) condition on the Gallagher Command Centre Server. This means that the server may become temporarily unavailable or unresponsive, potentially disrupting normal operations.

However, the impact is limited and the vulnerability is rated as low severity with no known active exploitation at the time of the advisory.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, ensure that your Gallagher Command Centre Server is updated to a fixed version beyond the affected releases.

  • Upgrade to version vEL9.40.1976 (MR1) or later if you are running 9.40.
  • Upgrade to version vEL9.30.3382 (MR4) or later if you are running 9.30.
  • Upgrade to version vEL9.20.3783 (MR6) or later if you are running 9.20.
  • Upgrade to version vEL9.10.4647 (MR9) or later if you are running 9.10.
  • If running version 9.00 or earlier, upgrade to a supported fixed version.

Additionally, restrict privileged operator access to trusted personnel only, as the vulnerability requires privileged operator permissions.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-20757. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart