PatchSiren

Gallagher CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW Gallagher CVE published 2026-07-07

CVE-2026-27844

CVE-2026-27844 is an Uncaught Exception vulnerability in the Controller 6000 and Controller 7000 diagnostic web interface. An authenticated and authorized operator can trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. The vulnerability, classified as CWE-248 Uncaught Exception, allows an authenticated and authorized operator to trigger a Controller rest [truncated]

LOW Gallagher CVE published 2026-07-07

CVE-2026-27790

CVE-2026-27790 is an Uncaught Exception vulnerability in T20 Readers. An authenticated and authorized operator can trigger a restart by sending specific requests, resulting in a temporary denial of service. Affected versions include Command Centre 9.50 prior to vCR9.50.260616a, 9.40 prior to vCR9.40.260616a, 9.30 prior to vCR9.30.260616a, 9.20 prior to vCR9.20.260616a, and all versions of 9.10 and prior. [truncated]

MEDIUM Gallagher CVE published 2026-07-07

CVE-2026-26053

An Incorrect Privilege Assignment vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. This could lead to unauthorized actions within the Command Centre Server environment. The vulnerability has been assigned a CVSS score of 5.3, indicating a medium severity level. Affected vers [truncated]

HIGH Gallagher CVE published 2026-05-25

CVE-2026-25193

CVE-2026-25193 is a HIGH severity vulnerability (CVSS 8.1) involving insertion of sensitive information into log files (CWE-532) in Gallagher Command Centre Service installers. The issue was published on 2026-05-25 and last modified on 2026-05-26. When administrators install Command Centre Services using a custom Service Account rather than the default Network Service account, the installer may write Serv [truncated]