CVE-2026-42370 CRITICAL

CVE-2026-42370: GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability

Vendor Geovision Inc.
Product GV-VMS V20.0.2
Weakness CWE-787
Published May 4, 2026
Last update June 15, 2026

CVSS base score

9.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Key dates

02Disclosure timeline

May 4, 2026 CVE published
June 15, 2026 Record updated