CVE-2026-20801 PUBLISHED

Assigner: Gallagher
Reserved: 01.03.2026 Published: 03.03.2026 Updated: 03.03.2026

Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams.

This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS Score: 5.6

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	Gallagher
Product	NxWitness VMS and Hanwha VMS Integrations
Versions	Default: affected affected from 0 to 9.10.017 (excl.) affected from 0 to 9.10.025 (excl.)

References

https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-20801

Problem Types

CWE-319 Cleartext Transmission of Sensitive Information CWE