Cyber Resilience

CVE-2026-42370

CriticalUpdated

Published: 04 May 2026

Published
04 May 2026
Modified
15 June 2026
KEV Added
Patch
CVSS Score v3.1 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0053 41.1th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-42370 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Geovision Gv-Vms Firmware. Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 41.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

A stack overflow vulnerability, tracked as CVE-2026-42370 and published on 2026-05-04, affects the WebCam Server Login functionality in GeoVision GV-VMS V20 version 20.0.2. This flaw, classified under CWE-787 (Out-of-bounds Write), allows a specially crafted HTTP request to trigger a stack overflow, potentially leading to arbitrary code execution. The vulnerability carries a CVSS v3.1 base score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its network accessibility, changed scope, and high impacts across confidentiality, integrity, and availability.

An unauthenticated attacker can exploit this vulnerability remotely over the network by sending a malicious HTTP request to the affected WebCam Server Login endpoint. Successful exploitation requires high attack complexity but no user interaction or privileges, enabling the attacker to achieve arbitrary code execution on the target system. This could allow full compromise of the GV-VMS server, potentially leading to unauthorized access, data theft, or further lateral movement within the victim's environment.

For mitigation details, security practitioners should consult the primary advisories from Talos Intelligence at https://talosintelligence.com/vulnerability_reports/ and GeoVision's cyber security page at https://www.geovision.com.tw/cyber_security.php, which may provide patch information, workarounds, or updated versions of GV-VMS.

EU & UK References

Vulnerability details

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated stack overflow in public-facing WebCam Server Login endpoint directly enables T1190 (Exploit Public-Facing Application) for RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-7372Same product: Geovision Gv-Vms
CVE-2025-27807Shared CWE-787
CVE-2024-48856Shared CWE-787
CVE-2025-14234Shared CWE-787
CVE-2018-25223Shared CWE-787
CVE-2018-25154Shared CWE-787
CVE-2024-57704Shared CWE-787
CVE-2025-29384Shared CWE-787
CVE-2024-12648Shared CWE-787
CVE-2025-30276Shared CWE-787

Affected Assets

geovision
gv-vms firmware
≤ 21.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires identifying, reporting, and correcting system flaws like this stack overflow vulnerability through timely patching, directly eliminating the CVE.

prevent

SI-10 mandates validating HTTP inputs to the WebCam Server Login endpoint, preventing specially crafted requests from triggering the stack overflow.

prevent

SI-16 implements memory safeguards such as stack canaries and ASLR to protect against exploitation of the stack overflow leading to arbitrary code execution.

References