PatchSiren cyber security CVE debrief
CVE-2026-42368 GeoVision Inc. CVE debrief
CVE-2026-42368 is a critical privilege escalation vulnerability in GeoVision LPC2011/LPC2211 version 1.10. The vulnerability exists in the Web Interface functionality and can be triggered by a specially crafted HTTP request, allowing an attacker to execute privileged operations by visiting a webpage.
- Vendor
- GeoVision Inc.
- Product
- GV-LPC2011/LPC2211
- CVSS
- CRITICAL 9.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-04
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-05-04
- Advisory updated
- 2026-06-15
Who should care
Administrators and users of GeoVision LPC2011/LPC2211 version 1.10 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS score of 9.9 and is classified as CRITICAL. It can be exploited over the network with low attack complexity, requiring low privileges and no user interaction. Successful exploitation can lead to high impacts on confidentiality, integrity, and availability.
Defensive priority
high
Recommended defensive actions
- Apply patches or updates provided by the vendor (see [ref-5](resourceLinkAnnotations.ref-5))
- Restrict access to the Web Interface functionality
- Monitor for suspicious HTTP requests
Evidence notes
The vulnerability is confirmed by the CVE record ([cve-org](resourceLinkAnnotations.cve-org)) and NVD detail ([nvd](resourceLinkAnnotations.nvd)).
Official resources
-
CVE-2026-42368 CVE record
CVE.org
-
CVE-2026-42368 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
0df08a0e-a200-4957-9bb0-084f562506f9 - Broken Link
-
Mitigation or vendor reference
0df08a0e-a200-4957-9bb0-084f562506f9 - Vendor Advisory
-
Source reference
af854a3a-2127-422b-91ae-364da2661108
CVE-2026-42368 was published on 2026-05-04T01:16:04.020Z and modified on 2026-06-15T21:16:53.610Z.