PatchSiren

CVE-2026-1749 Hikvision CVE debrief

CVE-2026-1749 is an access control vulnerability in some HikCentral Professional versions that may let an unauthenticated user obtain admin permission. NVD lists the issue with a CVSS 3.1 vector of AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N, indicating network reachability and potentially high confidentiality impact if the flaw is reachable in a deployed environment.

Vendor: Hikvision
Product: Unknown
CVSS: MEDIUM 6.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-09
Original CVE updated: 2026-05-09
Advisory published: 2026-05-09
Advisory updated: 2026-05-09

Who should care

Administrators and security teams running HikCentral Professional, especially environments reachable from untrusted networks or used for centralized physical-security operations.

Technical summary

The supplied record describes an access control failure in HikCentral Professional where unauthenticated access can lead to administrative permission. The NVD metadata shows a network attack vector, no privileges or user interaction required, and changed scope with high confidentiality impact. The corpus does not provide affected-version numbers, prerequisites, or vendor remediation details.

Defensive priority

High for exposed or business-critical deployments; otherwise medium-high pending version and exposure review.

Recommended defensive actions

  • Identify all HikCentral Professional deployments and confirm the exact installed versions.
  • Check whether any instances are exposed to untrusted networks and restrict access where possible.
  • Review Hikvision's security advisory and apply vendor-recommended mitigation or patching guidance for affected versions.
  • Treat any unexpected administrative access or role changes in HikCentral Professional as suspicious and review authentication and audit logs.
  • If patching is not immediately possible, place the application behind tighter network controls and limit access to trusted administrative sources only.

Evidence notes

The debrief is based only on the supplied NVD record and the Hikvision advisory referenced by NVD. The record states: 'There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.' NVD also supplies the CVSS vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N. No affected build numbers, exploit details, or fix version were provided in the corpus.

Official resources

Publicly disclosed in the CVE/NVD record on 2026-05-09, with the vendor advisory referenced by NVD on the same date in the supplied corpus.