Release Date: 2026/05/04
Advisory ID
GV-ASM-2026-04-01
CVE ID
CVE-2026-7841
Affected Product
ASManager V6.2.0 or earlier
Security Issue
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the frontend restrictions.
Resolution
Reported Vulnerability is going to be fixed with the official release of GeoVision's ASMAnager V6.3.0
If you have any questions or concerns in regards the cybersecurity issue, please contact our cybersecurity team: security@geovision.com.tw.