CVE-2026-25193
Awaiting Analysis Awaiting Analysis - Queue
Gallagher Command Centre Service Account Credentials Exposure via Log Files

Publication date: 2026-05-25

Last updated on: 2026-05-25

Assigner: Gallagher Group Ltd.

Description
Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure.  Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted. Mitigation: For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\Gallagher\Command Centre.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-25
Last Modified
2026-05-25
Generated
2026-06-15
AI Q&A
2026-05-26
EPSS Evaluated
2026-06-14
NVD
CVE-2026-25193
EUVD
EUVD-2026-31636
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gallagher command_centre *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the insertion of sensitive information into a log file by some Command Centre Service installers. Specifically, it can lead to the exposure of Service Account credentials if a custom Service Account is used instead of the default Network Service account.

Impact Analysis

If you install Command Centre Services using a custom Service Account, this vulnerability could expose your Service Account credentials through log files. This exposure could allow unauthorized users to gain access to your service account, potentially leading to further compromise of your system.

Mitigation Strategies

To mitigate this vulnerability, the recommended immediate actions are to change the Service Account password if you are using a custom Service Account (not the default Network Service account).

Additionally, you should delete any installer log files that may contain sensitive information. These log files are usually located in the directory %programdata%\Gallagher\Command Centre.

Compliance Impact

This vulnerability involves the insertion of sensitive information, specifically Service Account credentials, into log files. Exposure of such credentials could lead to unauthorized access and potential data breaches.

While the CVE description does not explicitly mention compliance with standards like GDPR or HIPAA, the exposure of sensitive credentials could increase the risk of non-compliance with these regulations, which require protection of sensitive data and access controls.

Mitigation steps such as changing the Service Account password and deleting installer log files can help reduce the risk of credential exposure and thus support compliance efforts.

Detection Guidance

This vulnerability involves the insertion of sensitive Service Account credentials into installer log files. Detection can be performed by checking for the presence of these log files and inspecting them for exposed credentials.

You can look for installer log files typically located in the directory: %programdata%\Gallagher\Command Centre.

A suggested command to find these log files on a Windows system is:

  • dir %programdata%\Gallagher\Command Centre\*.log /s

After locating the log files, you can search for potential sensitive information such as service account names or passwords by using a command like:

  • findstr /i "password" %programdata%\Gallagher\Command Centre\*.log

Note that only installations using a custom Service Account (not the default Network Service account) are potentially impacted.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25193. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart