CVE-2026-20801
Received - Intake
Cleartext Data Exposure in Gallagher NxWitness and Hanwha VMS Integrations

Publication date: 2026-03-03

Last updated on: 2026-03-03

Assigner: Gallagher Group Ltd.

Description
Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.
Meta Information
Published: 2026-03-03
Last Modified: 2026-03-03
Generated: 2026-06-16
AI Q&A: 2026-03-03
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor      Product                     Version / Range
gallagher   nxwitness_vms_integration   up to 9.10.017 (exclusive)
gallagher   hanwha_vms_integration      up to 9.10.025 (exclusive)
CWE
CWE-319: The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Executive Summary

CVE-2026-20801 is a medium severity vulnerability affecting Gallagher NxWitness VMS and Gallagher Hanwha VMS integrations. It involves the cleartext transmission of sensitive information, specifically live video streams, over the network. This means that unprivileged users who have access to the local network can intercept and view these live video streams without authorization.

Impact Analysis

This vulnerability allows unauthorized users on the local network to view live video streams that should be protected. This could lead to privacy breaches, unauthorized surveillance, and potential exposure of sensitive or confidential information captured by the video streams.

Mitigation Strategies

To mitigate this vulnerability, upgrade Gallagher NxWitness VMS integration to version 9.10.017 or later, and Gallagher Hanwha VMS integration to version 9.10.025 or later.

Because the cleartext transmission lets unprivileged users with local network access view live video streams, restricting local network access to trusted users and segments can help reduce risk until upgrades are applied.
