PatchSiren cyber security CVE debrief
CVE-2026-26053 Gallagher CVE debrief
An Incorrect Privilege Assignment vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. This could lead to unauthorized actions within the Command Centre Server environment. The vulnerability has been assigned a CVSS score of 5.3, indicating a medium severity level. Affected versions include 9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), and all versions of 9.10. Security teams and administrators should assess the impact and apply necessary patches or mitigations.
- Vendor
- Gallagher
- Product
- Command Centre Server
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-07
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-07
- Advisory updated
- 2026-07-07
Who should care
Security teams and administrators responsible for Gallagher Command Centre Server installations should assess and mitigate this vulnerability. They should review the current configurations, apply patches or updates to affected versions, and monitor for suspicious activity. Additionally, they should review and adjust user privileges to prevent unauthorized actions.
Technical summary
The Command Centre Server is affected by an Incorrect Privilege Assignment vulnerability, which allows an authenticated operator with limited privileges to perform unauthorized operations. Affected versions include 9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), and all versions of 9.10. The vulnerability has a CVSS score of 5.3, indicating medium severity. The issue arises from incorrect privilege assignments, allowing operators to perform actions beyond their intended privileges.
Defensive priority
Medium priority given the CVSS score of 5.3 and the potential for unauthorized actions.
Recommended defensive actions
- Inventory and assess Gallagher Command Centre Server installations for vulnerability
- Apply patches or updates to affected versions
- Monitor for suspicious activity
- Review and adjust user privileges
- Implement compensating controls
- Review security advisories for additional guidance
- Track remediation progress and verify fixes
Evidence notes
Evidence is based on official CVE and NVD records, as well as a security advisory from Gallagher. Further details about affected versions and patches are needed. The vulnerability has a CVSS score of 5.3, indicating medium severity. Gallagher Command Centre Server versions 9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), and all versions of 9.10 are affected. Limited information is available about potential exploits or attacks.
Official resources
-
CVE-2026-26053 CVE record
CVE.org
-
CVE-2026-26053 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T05:16:50.117Z and has not been modified since then.