Release Date: 2026/04/27
Advisory ID
GV-VMS-2026-04-01
CVE ID
CVE-2026-42369, CVE-2026-42370, CVE-2026-7372
Affected Product
GV-VMS V20.0.2.0 or earlier
Security Issue
CVE-2026-42369, CVE-2026-42370, CVE-2026-7372
A stack overflow vulnerability exists in the WebCam Server functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Resolution
Reported vulnerabilities are resolved with GV-VMS V21.0.0 and later versions which are available to download from GeoVision’s official download page at: Link
If you have any questions or concerns in regards the cybersecurity issue, please contact our cybersecurity team: security@geovision.com.tw.