CVE-2026-27790 PUBLISHED

Assigner: Gallagher
Reserved: 01.03.2026 Published: 07.07.2026 Updated: 07.07.2026

Uncaught Exception (CWE-248) in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected:

  • 9.50 prior to vCR9.50.260616a (distributed in 9.50.1587(MR1))
  • 9.40 prior to vCR9.40.260616a (distributed in 9.40.3130(MR3))
  • 9.30 prior to vCR9.30.260616a (distributed in 9.30.3983(MR5))
  • 9.20 prior to vCR9.20.260616a (distributed in 9.20.4349(MR7))
  • all versions of 9.10 and prior.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
CVSS Score: 2.7

Product Status

Vendor Gallagher
Product T-20 Readers
Versions Default: unaffected
  • affected from 0 to 9.10 (incl.)
  • affected from 9.50 to vCR9.50.260616a (excl.)
  • affected from 9.40 to vCR9.40.260616a (excl.)
  • affected from 9.30 to vCR9.30.260616a (excl.)
  • affected from 9.20 to vCR9.20.260616a (excl.)

References

Problem Types

  • CWE-248 Uncaught exception CWE