LeakyCreds

CVE-2026-42369 - Vulnerability Analysis

Critical | CVSS: 10.0

Last Updated: May 4, 2026

GV-VMS - Remote Code Execution

Published: May 4, 2026 | Updated: May 4, 2026 | Remote Exploitable

Overview

GV-VMS V20 contains a stack overflow caused by an unbounded copy of a base64-decoded string in the gvapi endpoint, which lets remote attackers execute code as SYSTEM. Exploitation requires a crafted HTTP Authorization header.

Severity & Score

Severity: Critical
CVSS Score: 10.0

Impact

Remote attackers can execute code as SYSTEM, leading to full system compromise.

Mitigation

Update to the latest version, with ASLR enabled and proper bounds checking in the gvapi endpoint.

Details

CVE ID: CVE-2026-42369
Severity: Critical
CVSS Score: 10.0
Type: buffer_overflow
Status: new

CWE

  • CWE-787

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H