Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.6
Gallagher VMS Integrations Expose Live Video Streams to Local Network Users
CVE-2026-20801
Summary
A security issue in Gallagher's VMS integrations with Hanwha and NxWitness allows local network users to potentially view live video streams without permission. This affects all versions prior to 9.10.017 and 9.10.025, respectively. Update to the latest version to fix the issue.
Original title
Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network acces...
Original description
Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams.
This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.
This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.
nvd CVSS3.1
5.6
Vulnerability type
CWE-319
Cleartext Transmission of Sensitive Information
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026