PatchSiren cyber security CVE debrief
CVE-2026-42365 GeoVision Inc. CVE debrief
A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypass. An attacker can bruteforce session cookies to trigger this vulnerability.
- Vendor
- GeoVision Inc.
- Product
- GV-LPC2011/LPC2211
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-04
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-05-04
- Advisory updated
- 2026-06-15
Who should care
Users of GeoVision LPC2011/LPC2211 1.10
Technical summary
The vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. The CVSS score is 8.6, with a severity of HIGH.
Defensive priority
HIGH
Recommended defensive actions
- Update to a patched version of GeoVision LPC2011/LPC2211
- Implement additional security measures to protect against bruteforce attacks
Evidence notes
The vulnerability was reported by Talos Intelligence and is tracked as TALOS-2025-2332.
Official resources
-
CVE-2026-42365 CVE record
CVE.org
-
CVE-2026-42365 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
0df08a0e-a200-4957-9bb0-084f562506f9 - Third Party Advisory
-
Mitigation or vendor reference
0df08a0e-a200-4957-9bb0-084f562506f9 - Vendor Advisory
-
Source reference
af854a3a-2127-422b-91ae-364da2661108
CVE-2026-42365 was published on 2026-05-04T01:16:03.620Z and modified on 2026-06-15T21:16:53.367Z.