CVE-2026-7841
Deferred Deferred - Pending Action
Remote Code Execution in GeoVision GV-ASWeb

Publication date: 2026-05-06

Last updated on: 2026-05-19

Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9

Description
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the frontend restrictions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-19
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7841
EUVD
EUVD-2026-27546
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
geovision gv-asweb 6.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not explicitly address how the CVE-2026-7841 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability is a remote code execution issue found in the Notification Settings of GeoVision GV-ASWeb version 6.2.0. It allows an authenticated user who has System Setting permissions to execute arbitrary commands on the server. This is done by sending a specially crafted HTTP POST request to the ASWebCommon.srf backend endpoint, which bypasses the frontend restrictions intended to prevent such actions.

Impact Analysis

The impact of this vulnerability is severe because it enables an authenticated user with certain permissions to execute arbitrary commands on the server remotely. This can lead to full compromise of the affected system, including unauthorized access, data manipulation, service disruption, or further exploitation within the network.

Mitigation Strategies

To mitigate this vulnerability, it is important to apply any available updates or patches provided by GeoVision as soon as possible, especially since this is a critical remote code execution vulnerability.

GeoVision follows a vulnerability management process that includes prompt release of unscheduled updates for critical vulnerabilities, so users should monitor GeoVision's official cybersecurity advisories and update their GV-ASWeb software accordingly.

Additionally, restricting System Setting permissions to trusted users only and monitoring for unusual HTTP POST requests to the ASWebCommon.srf backend endpoint may help reduce risk until patches are applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7841. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart