{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20801", "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "state": "PUBLISHED", "assignerShortName": "Gallagher", "dateReserved": "2026-03-01T23:45:09.734Z", "datePublished": "2026-03-03T02:41:10.357Z", "dateUpdated": "2026-03-03T16:30:31.016Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "NxWitness VMS and Hanwha VMS Integrations", "vendor": "Gallagher", "versions": [{"lessThan": "9.10.017", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "9.10.025", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Cleartext Transmission of Sensitive Information (CWE-319) in</span><strong>&nbsp;</strong><span style=\"background-color: rgb(255, 255, 255);\">a component used in the Gallagher </span><span style=\"background-color: rgb(255, 255, 255);\">Hanwha VMS and Gallagher NxWitness VMS integrations</span><b>&nbsp;</b><span style=\"background-color: rgb(255, 255, 255);\">allows unprivileged users with local network access to view live video streams. </span>\n\n \n\n<p>This issue affects a<span style=\"background-color: rgb(255, 255, 255);\">ll versions of </span><span style=\"background-color: rgb(255, 255, 255);\">Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.</span><br>\n\n</p>"}], "value": "Cleartext Transmission of Sensitive Information (CWE-319) in\u00a0a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations\u00a0allows unprivileged users with local network access to view live video streams. \n\n \n\nThis issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher", "dateUpdated": "2026-03-03T02:41:10.357Z"}, "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-20801"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-03T16:27:35.448713Z", "id": "CVE-2026-20801", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T16:30:31.016Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20801", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-03T16:27:35.448713Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-03T16:30:26.575Z"}}], "cna": {"source": {"discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Gallagher", "product": "NxWitness VMS and Hanwha VMS Integrations", "versions": [{"status": "affected", "version": "0", "lessThan": "9.10.017", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "9.10.025", "versionType": "custom"}], "defaultStatus": "affected"}], "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-20801"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Cleartext Transmission of Sensitive Information (CWE-319) in\u00a0a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations\u00a0allows unprivileged users with local network access to view live video streams. \n\n \n\nThis issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Cleartext Transmission of Sensitive Information (CWE-319) in</span><strong>&nbsp;</strong><span style=\"background-color: rgb(255, 255, 255);\">a component used in the Gallagher </span><span style=\"background-color: rgb(255, 255, 255);\">Hanwha VMS and Gallagher NxWitness VMS integrations</span><b>&nbsp;</b><span style=\"background-color: rgb(255, 255, 255);\">allows unprivileged users with local network access to view live video streams. </span>\n\n \n\n<p>This issue affects a<span style=\"background-color: rgb(255, 255, 255);\">ll versions of </span><span style=\"background-color: rgb(255, 255, 255);\">Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.</span><br>\n\n</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher", "dateUpdated": "2026-03-03T02:41:10.357Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20801", "state": "PUBLISHED", "dateUpdated": "2026-03-03T16:30:31.016Z", "dateReserved": "2026-03-01T23:45:09.734Z", "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "datePublished": "2026-03-03T02:41:10.357Z", "assignerShortName": "Gallagher"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cleartext Transmission of Sensitive Information (CWE-319) in\u00a0a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations\u00a0allows unprivileged users with local network access to view live video streams. \n\n \n\nThis issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025."}], "id": "CVE-2026-20801", "lastModified": "2026-03-03T21:52:29.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.4, "source": "disclosures@gallagher.com", "type": "Secondary"}]}, "published": "2026-03-03T03:15:54.540", "references": [{"source": "disclosures@gallagher.com", "url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-20801"}], "sourceIdentifier": "disclosures@gallagher.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "disclosures@gallagher.com", "type": "Secondary"}]}

{}