PatchSiren cyber security CVE debrief

CVE-2026-27768 Genetec Inc. CVE debrief

A SQL injection vulnerability affecting the Access Manager role in Genetec Security Center was disclosed on May 25, 2026, with vendor documentation updated May 26, 2026. It is classified as CWE-89 (SQL Injection) with a CVSS 3.1 score of 6.6 (Medium severity). Exploitation requires network access, high attack complexity, and high privileges (Access Manager role), with no user interaction required. Successful exploitation could result in high impact to confidentiality, integrity, and availability.

Genetec has released security updates resolving this issue in Security Center versions 5.12.2.17 and 5.13.3.5. The vendor attribution in the stored evidence is derived from reference domain analysis with low confidence and requires review, though official Genetec security documentation confirms the product and remediation details. No known exploitation in ransomware campaigns has been reported, and this CVE is not listed in CISA's Known Exploited Vulnerabilities catalog.

Vendor: Genetec Inc.
Product: Genetec Security Center
CVSS: MEDIUM 6.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-25
Original CVE updated: 2026-05-26
Advisory published: 2026-05-25
Advisory updated: 2026-05-26

Who should care

Organizations running Genetec Security Center with Access Manager role deployments, particularly those in physical security and access control environments where the platform manages critical infrastructure access.

Technical summary

SQL injection vulnerability in Genetec Security Center affecting the Access Manager role. CVSS 3.1: 6.6 (Medium). Exploitation requires network access, high attack complexity, and high privileges. Resolved in Security Center 5.12.2.17 and 5.13.3.5.

Defensive priority

Medium

Recommended defensive actions

  • Update Genetec Security Center to version 5.12.2.17 or 5.13.3.5, as documented in the vendor security advisories
  • Review and restrict Access Manager role assignments to minimize attack surface
  • Monitor database query logs for anomalous SQL patterns from Access Manager sessions
  • Validate input sanitization on all Access Manager role interfaces
  • Conduct a security assessment of custom integrations with Security Center Access Manager functionality

Evidence notes

Vendor identification is based on the reference domain candidate 'Genetec'; the source metadata marks the canonical source as 'reference_domain_weak' with confidence 'low'. Official vendor security documentation confirms the product as Genetec Security Center.
