CVE-2026-27844 is an Uncaught Exception vulnerability in the Controller 6000 and Controller 7000 diagnostic web interface. An authenticated and authorized operator can trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. The vulnerability, classified as CWE-248 Uncaught Exception, allows an authenticated and authorized operator to trigger a Controller rest [truncated]
CVE-2026-27790 is an Uncaught Exception vulnerability in T20 Readers. An authenticated and authorized operator can trigger a restart by sending specific requests, resulting in a temporary denial of service. Affected versions include Command Centre 9.50 prior to vCR9.50.260616a, 9.40 prior to vCR9.40.260616a, 9.30 prior to vCR9.30.260616a, 9.20 prior to vCR9.20.260616a, and all versions of 9.10 and prior. [truncated]
An Incorrect Privilege Assignment vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. This could lead to unauthorized actions within the Command Centre Server environment. The vulnerability has been assigned a CVSS score of 5.3, indicating a medium severity level. Affected vers [truncated]
CVE-2026-25193 is a HIGH severity vulnerability (CVSS 8.1) involving insertion of sensitive information into log files (CWE-532) in Gallagher Command Centre Service installers. The issue was published on 2026-05-25 and last modified on 2026-05-26. When administrators install Command Centre Services using a custom Service Account rather than the default Network Service account, the installer may write Serv [truncated]