CVE-2026-20801
Received - Intake
Cleartext Data Exposure in Gallagher NxWitness and Hanwha VMS Integrations

Publication date: 2026-03-03

Last updated on: 2026-03-03

Assigner: Gallagher Group Ltd.

Description
Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.
Meta Information
Published: 2026-03-03
Last Modified: 2026-03-03
Generated: 2026-05-07
AI Q&A: 2026-03-03
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
| Vendor | Product | Version / Range |
| --- | --- | --- |
| gallagher | nxwitness_vms_integration | up to 9.10.017 (exclusive) |
| gallagher | hanwha_vms_integration | up to 9.10.025 (exclusive) |
| CWE ID | Description |
| --- | --- |
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-20801 is a medium severity vulnerability affecting Gallagher NxWitness VMS and Gallagher Hanwha VMS integrations. It involves the cleartext transmission of sensitive information, specifically live video streams, over the network. This means that unprivileged users who have access to the local network can intercept and view these live video streams without authorization.


How can this vulnerability impact me?

This vulnerability can impact you by allowing unauthorized users on the local network to view live video streams that should be protected. This could lead to privacy breaches, unauthorized surveillance, and potential exposure of sensitive or confidential information captured by the video streams.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that you upgrade Gallagher NxWitness VMS integration to version 9.10.017 or later, and Gallagher Hanwha VMS integration to version 9.10.025 or later.

Since the vulnerability involves cleartext transmission of sensitive information allowing unprivileged users with local network access to view live video streams, restricting local network access to trusted users and segments can help reduce risk until upgrades are applied.

