CVE-2026-26053
Received
Received - Intake
Incorrect Privilege Assignment in Gallagher Command Centre
Vulnerability report for CVE-2026-26053, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-07
Last updated on: 2026-07-07
Assigner: Gallagher Group Ltd.
Description
Description
An Incorrect Privilege Assignment (CWE-266) vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), all versions of 9.10.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gallagher | command_centre_server | to vEL9.50.1587 (exc) |
| gallagher | command_centre_server | to vEL9.40.3130 (exc) |
| gallagher | command_centre_server | to vEL9.30.3983 (exc) |
| gallagher | command_centre_server | to vEL9.20.4349 (exc) |
| gallagher | command_centre_server | 9.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |