CVE-2026-26053
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An Incorrect Privilege Assignment (CWE-266) vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), all versions of 9.10.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Gallagher | Command Centre Server | 9.10 | affected |
| Gallagher | Command Centre Server | 9.50 < vEL9.50.1587(MR1) | affected |
| Gallagher | Command Centre Server | 9.40 < vEL9.40.3130(MR3) | affected |
| Gallagher | Command Centre Server | 9.30 < vEL9.30.3983(MR5) | affected |
| Gallagher | Command Centre Server | 9.20 < vEL9.20.4349(MR7) | affected |
Weaknesses
- CWE-266: CWE-266 Incorrect privilege assignment
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.