CVE-2026-26053

Summary

An Incorrect Privilege Assignment (CWE-266) vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), all versions of 9.10.

Affected Software

VendorProductVersion RangeStatus
GallagherCommand Centre Server9.10affected
GallagherCommand Centre Server9.50 < vEL9.50.1587(MR1)affected
GallagherCommand Centre Server9.40 < vEL9.40.3130(MR3)affected
GallagherCommand Centre Server9.30 < vEL9.30.3983(MR5)affected
GallagherCommand Centre Server9.20 < vEL9.20.4349(MR7)affected

Weaknesses

  • CWE-266: CWE-266 Incorrect privilege assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References