Home / Vulnerability Intelligence / CVE-2026-7372

CVE-2026-7372 - Vulnerability Analysis

CriticalCVSS: 9.0

Last Updated: May 4, 2026

GeoVision GV-VMS - Remote Code Execution

Published: May 4, 2026Updated: May 4, 2026Remote Exploitable

Overview

GeoVision GV-VMS V20 20.0.2 contains a stack overflow caused by unconstrained sscanf usage in WebCam Server Login, letting unauthenticated attackers execute arbitrary code as SYSTEM, exploit requires crafted HTTP request.

Severity & Score

Severity: Critical

CVSS Score: 9.0

Impact

Unauthenticated attackers can execute arbitrary code as SYSTEM, leading to full system compromise.

Mitigation

Update to the latest version of GeoVision GV-VMS.

References

https://talosintelligence.com/vulnerability_reports/
https://www.geovision.com.tw/cyber_security.php

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-7372
Severity: Critical
CVSS Score: 9.0
Type: buffer_overflow
Status: new

CWE

CWE-787

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H