CVE-2026-12488 PUBLISHED

GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability

Assigner: GV
Reserved: 17.06.2026 Published: 24.06.2026 Updated: 24.06.2026

A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. 

A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:H
CVSS Score: 6.2

Product Status

Vendor GeoVision Inc.
Product GeoVision
Versions Default: unaffected
  • Version V20.0.2 is affected
  • Version V20.1.0.0 is unaffected

Solutions

GeoVision GV-VMS version V20.1.0 has patched the reported vulnerability. 

User is recommended to download the update from GeoVision's offical website (https://www.geovision.com.tw/download/product/GV-VMS%20V20)

or contact GeoVision Support team at support@geovision.com.tw

Credits

  • Philippe Laulheret of Cisco Talos. finder
  • Kelly Patterson of Cisco Talos. remediation reviewer
  • Robert Sherwin of Cisco Talos. coordinator

References

Problem Types

  • CWE-121 Stack-based buffer overflow CWE

Impacts

  • CAPEC-100 Overflow Buffers