CVE-2026-20757 PUBLISHED

Assigner: Gallagher
Reserved: 01.03.2026 Published: 03.03.2026 Updated: 03.03.2026

Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server.

This issue affects Command Centre Server:

9.40 prior to vEL9.40.1976(MR1), 9.30 prior to vEL9.30.3382 (MR4), 9.20 prior to vEL9.20.3783 (MR6), 9.10 prior to vEL9.10.4647 (MR9), all versions of 9.00 and prior.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS Score: 2.5

Attack Vector	Local	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	Gallagher
Product	Command Centre Server
Versions	Default: affected affected from 0 to 9.00 (incl.) affected from 9.40 to 9.40.1976(MR1) (excl.) affected from 9.30 to 9.30.3382 (MR4) (excl.) affected from 9.20 to 9.20.3783 (MR6) (excl.) affected from 9.10 to 9.10.4647 (MR9) (excl.)

References

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-20757

Problem Types

CWE-667 Improper Locking CWE