CVE-2026-32315
Received - Intake
Information Disclosure in motionEye Video Surveillance Software

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: GitHub, Inc.

Description
motionEye (mEye) is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--), making it readable by any local user on the system. This file contains sensitive data including the admin password hash, which can be leveraged by other vulnerabilities to escalate privileges. Additionally, per-camera configuration files (camera-*.conf) are also created with the same 644 permissions, potentially exposing camera-specific credentials and settings. The exposed SHA1 admin password hash can be cracked offline to recover the plaintext password, used directly to forge authenticated admin API requests via the signature authentication weakness (GHSA-45h7-499j-7ww3), and chained with the OS command injection flaw (CVE-2025-60787) to escalate a local unprivileged user to the Motion daemon user (often root), enabling full system compromise. This issue has been fixed in version 0.44.0.
Meta Information

Published: 2026-06-24
Last Modified: 2026-06-24
Generated: 2026-06-25
AI Q&A: 2026-06-25
EPSS Evaluated: N/A

Affected Vendors & Products

Vendor | Product | Version / Range
motioneye | motioneye | to 0.44.0 (exc)

CWE ID | Description
CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Compliance Impact

The vulnerability in motionEye prior to version 0.44.0 exposes sensitive data such as the admin password hash and camera-specific credentials due to insecure file permissions. This exposure can lead to unauthorized access and potential full system compromise.

Such unauthorized access and exposure of sensitive information could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access.

However, the provided information does not explicitly mention compliance impacts or specific regulatory considerations.

Executive Summary

This vulnerability affects motionEye (mEye), an online interface for motion detection software. Versions before 0.44.0 create configuration files with permissions that allow any local user to read them. These files include the main configuration file containing the admin password hash and per-camera configuration files with camera credentials. Because the admin password hash uses SHA1, it can be cracked offline to reveal the plaintext password. Attackers can then exploit a signature authentication weakness and chain this with another vulnerability to escalate privileges, potentially gaining full system control.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive configuration files, exposing admin credentials and camera-specific settings. An attacker with local access can crack the admin password hash, forge authenticated admin API requests, and escalate privileges to the Motion daemon user, often root. This can result in full system compromise, allowing the attacker to control the surveillance system and potentially the entire host system.

Mitigation Strategies

To mitigate this vulnerability, upgrade motionEye to version 0.44.0 or later, where the issue has been fixed.

Additionally, review and restrict the permissions of the configuration files (/etc/motioneye/motion.conf and camera-*.conf) to prevent unauthorized local users from reading sensitive data.

Detection Guidance

This vulnerability can be detected by checking the permissions and contents of the configuration files created by motionEye versions prior to 0.44.0.

  • Verify if the file /etc/motioneye/motion.conf exists and check its permissions to see if it is set to 644 (-rw-r--r--), which makes it readable by any local user.
  • Check for the presence of per-camera configuration files named camera-*.conf with the same 644 permissions.
  • Commands to detect this include:
      ls -l /etc/motioneye/motion.conf
      ls -l /etc/motioneye/camera-*.conf
  • If you have access, you can also inspect the contents of these files to check for the presence of the admin password hash.
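
The permission check from the detection steps and the permission restriction from the mitigation section, combined into one script. This is an added example, not code from motionEye or the advisory; the function names and the 600 target mode are assumptions, and the files must stay owned by the account motionEye runs as.

```sh
#!/bin/sh
# Added example: audit and tighten motionEye config file permissions.
# Default directory /etc/motioneye is the path named in the advisory.

# Print motion.conf and camera-*.conf in directory $1 that have the
# "other" read bit set (the 644 case described above).
list_world_readable() {
    find "$1" -maxdepth 1 -type f \
        \( -name 'motion.conf' -o -name 'camera-*.conf' \) \
        -perm -004 -print | sort
}

# Report exposed files. Returns 0 if clean, 1 if any file is exposed,
# 2 if the directory does not exist.
audit_motioneye_conf() {
    dir=${1:-/etc/motioneye}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    exposed=$(list_world_readable "$dir")
    if [ -z "$exposed" ]; then
        echo "OK: no world-readable motionEye config files in $dir"
        return 0
    fi
    echo "$exposed" | while IFS= read -r f; do
        echo "EXPOSED: $(ls -l "$f")"
    done
    return 1
}

# Restrict every exposed file to owner read/write only.
# Mode 600 is an assumption; the advisory only says to restrict access.
restrict_motioneye_conf() {
    dir=${1:-/etc/motioneye}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    list_world_readable "$dir" | while IFS= read -r f; do
        chmod 600 "$f" && echo "restricted: $f"
    done
}

# When run with a directory argument, audit that directory.
if [ "$#" -gt 0 ]; then
    audit_motioneye_conf "$1"
fi
```

Files left at mode 640 are not flagged, since the check targets read access for every local user; review group membership separately if the group is broad.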