PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-26053 Gallagher CVE debrief

An Incorrect Privilege Assignment vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. This could lead to unauthorized actions within the Command Centre Server environment. The vulnerability has been assigned a CVSS score of 5.3, indicating a medium severity level. Affected versions include 9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), and all versions of 9.10. Security teams and administrators should assess the impact and apply necessary patches or mitigations.

Vendor
Gallagher
Product
Command Centre Server
CVSS
MEDIUM 5.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-07
Original CVE updated
2026-07-07
Advisory published
2026-07-07
Advisory updated
2026-07-07

Who should care

Security teams and administrators responsible for Gallagher Command Centre Server installations should assess and mitigate this vulnerability. They should review the current configurations, apply patches or updates to affected versions, and monitor for suspicious activity. Additionally, they should review and adjust user privileges to prevent unauthorized actions.

Technical summary

The Command Centre Server is affected by an Incorrect Privilege Assignment vulnerability, which allows an authenticated operator with limited privileges to perform unauthorized operations. Affected versions include 9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), and all versions of 9.10. The vulnerability has a CVSS score of 5.3, indicating medium severity. The issue arises from incorrect privilege assignments, allowing operators to perform actions beyond their intended privileges.

Defensive priority

Medium priority given the CVSS score of 5.3 and the potential for unauthorized actions.

Recommended defensive actions

  • Inventory and assess Gallagher Command Centre Server installations for vulnerability
  • Apply patches or updates to affected versions
  • Monitor for suspicious activity
  • Review and adjust user privileges
  • Implement compensating controls
  • Review security advisories for additional guidance
  • Track remediation progress and verify fixes

Evidence notes

Evidence is based on official CVE and NVD records, as well as a security advisory from Gallagher. Further details about affected versions and patches are needed. The vulnerability has a CVSS score of 5.3, indicating medium severity. Gallagher Command Centre Server versions 9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), and all versions of 9.10 are affected. Limited information is available about potential exploits or attacks.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T05:16:50.117Z and has not been modified since then.