CVE-2026-20757

Summary

Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server.

This issue affects Command Centre Server:

9.40 prior to vEL9.40.1976(MR1), 9.30 prior to vEL9.30.3382 (MR4), 9.20 prior to vEL9.20.3783 (MR6), 9.10 prior to vEL9.10.4647 (MR9), all versions of 9.00 and prior.

Affected Software

VendorProductVersion RangeStatus
GallagherCommand Centre Server0 <= 9.00affected
GallagherCommand Centre Server9.40 < 9.40.1976(MR1)affected
GallagherCommand Centre Server9.30 < 9.30.3382 (MR4)affected
GallagherCommand Centre Server9.20 < 9.20.3783 (MR6)affected
GallagherCommand Centre Server9.10 < 9.10.4647 (MR9)affected

Weaknesses

  • CWE-667: CWE-667 Improper Locking

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References