CVE-2026-26053
MEDIUM
5.3
CVSS 3.1
Description
An Incorrect Privilege Assignment (CWE-266) vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), all versions of 9.10.
Metadata
Severity & Metrics
5.3
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Gallagher | Command Centre Server | — | 9.10, 9.50 < vEL9.50.1587(MR1), 9.40 < vEL9.40.3130(MR3), 9.30 < vEL9.30.3983(MR5) … |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-266 | cna | CWE-266 Incorrect privilege assignment |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 5.3 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N |