Cyber Posture

CVE-2026-42366

Severity: High

Published: 04 May 2026

Modified: 05 May 2026
KEV Added: not listed
CVSS Score: 7.4 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N)
EPSS Score: 0.0004 (13.3th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-42366 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Geovision Gv-Lpc2011 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 3 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- SI-15 Information Output Filtering (prevent): filters output from the ssi.cgi web interface so that reflected URL input is returned as encoded text rather than live markup, directly mitigating reflected XSS execution.
- SI-10 Information Input Validation (prevent): validates inputs to the ssi.cgi functionality and rejects specially crafted URLs containing XSS payloads before they are processed.
- Patching (prevent): requires timely remediation of the identified XSS flaw in GeoVision LPC2011/LPC2211 1.10 via patching or firmware updates.
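The two technical controls above, shown side by side in an added example that is not GeoVision's or Talos's code: a minimal CGI-style handler that reflects a URL parameter into HTML, first in the CWE-79 shape the advisory describes, then hardened with SI-10 allowlist validation and SI-15 output encoding. The parameter name `page`, the `/cgi-bin/` path and the HTML template are assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical response template; the real firmware's markup is not on the page.
HTML_TEMPLATE = "<html><body><h1>Status: {}</h1></body></html>"

# SI-10: allowlist of what the parameter may contain. Anything outside this
# set is rejected before it reaches the rendering path.
PAGE_PARAM_PATTERN = re.compile(r"^[A-Za-z0-9_\-]{1,32}$")


def reflected_param(url: str, name: str = "page") -> str:
    """Return the first value of a query parameter from a request URL."""
    query = urlsplit(url).query
    return parse_qs(query, keep_blank_values=True).get(name, [""])[0]


def render_unsafe(url: str) -> str:
    """Reflected XSS (CWE-79) pattern: the raw parameter is interpolated
    into the HTML response with neither validation nor encoding."""
    return HTML_TEMPLATE.format(reflected_param(url))


def validate_page_param(value: str) -> bool:
    """SI-10: accept only values that match the allowlist."""
    return bool(PAGE_PARAM_PATTERN.fullmatch(value))


def render_hardened(url: str) -> str:
    """SI-10 rejects out-of-policy input; SI-15 encodes whatever is still
    reflected so markup in the parameter renders as text, not as code."""
    value = reflected_param(url)
    if not validate_page_param(value):
        # Do not echo the rejected value back; return a fixed error body.
        return HTML_TEMPLATE.format("invalid request")
    return HTML_TEMPLATE.format(html.escape(value, quote=True))


if __name__ == "__main__":
    # Constructed request URLs; host and path are placeholders.
    benign = "http://device.example/cgi-bin/ssi.cgi?page=status_1"
    markup = "http://device.example/cgi-bin/ssi.cgi?page=<b>x</b>"
    print(render_unsafe(markup))    # markup lands in the page unencoded
    print(render_hardened(markup))  # rejected by the allowlist
    print(render_hardened(benign))  # passes both controls
```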

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1059.007 JavaScript (Execution): Adversaries may abuse various implementations of JavaScript for execution.
- T1204.001 Malicious Link (Execution): An adversary may rely upon a user clicking a malicious link in order to gain execution.
- T1539 Steal Web Session Cookie (Credential Access): An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
Why these techniques?

Reflected XSS in the public web interface directly enables client-side JavaScript execution (T1059.007) via a crafted malicious URL (T1204.001, T1190). The payload can facilitate session cookie theft (T1539), hijacking authenticated access to the device.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability.

Deeper analysis

CVE-2026-42366, published on 2026-05-04, describes multiple reflected cross-site scripting (XSS) vulnerabilities in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 version 1.10. A specially crafted malicious URL can lead to arbitrary JavaScript code execution when processed by the affected component. The vulnerability carries a CVSS v3.1 base score of 7.4 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N) and maps to CWE-79.

A remote attacker requires no privileges and can exploit this vulnerability over the network with low complexity by providing a crafted URL to a targeted user. Exploitation depends on user interaction, such as visiting the malicious URL in a browser, which triggers the reflected XSS payload. Successful execution runs arbitrary JavaScript in the victim's browser context, potentially leading to high confidentiality impacts like session hijacking or data exfiltration due to the changed scope (S:C).

Mitigation guidance and additional details are available in advisories from Talos Intelligence at https://talosintelligence.com/vulnerability_reports/ and GeoVision's cyber security page at https://www.geovision.com.tw/cyber_security.php.

Details

CWE(s): CWE-79 (Cross-site Scripting)

Affected Products

- geovision gv-lpc2011 firmware 1.10
- geovision gv-lpc2211 firmware 1.10

CVEs Like This One

- CVE-2026-7371: same product (Geovision Gv-Lpc2011)
- CVE-2026-42365: same product (Geovision Gv-Lpc2011)
- CVE-2026-42364: same product (Geovision Gv-Lpc2011)
- CVE-2026-42368: same product (Geovision Gv-Lpc2011)
- CVE-2025-28877: shared CWE-79
- CVE-2026-25342: shared CWE-79
- CVE-2025-67614: shared CWE-79
- CVE-2025-68891: shared CWE-79
- CVE-2025-22361: shared CWE-79
- CVE-2025-23621: shared CWE-79