CVE-2026-4639 HIGH

CVE-2026-4639: Galaxy Software Services｜Vitals ESP - Incorrect Authorization

Vendor Galaxy Software Services

Product Vitals ESP

Weakness CWE-863 · Incorrect authorization

Published March 24, 2026

Last update March 24, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges.

Key dates

02Disclosure timeline

March 24, 2026 CVE published

March 24, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-4639 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2026-35555 Subnet Solutions PowerSYSTEM Center Incorrect Authorization CVE-2023-1779 Helmholz and MB Connect Line: Account takeover via password reset in multiple products CVE-2026-26336 Hyland Alfresco Improper Authorization Arbitrary File Read CVE-2024-45587 Unauthorized Modification Vulnerability CVE-2026-2126 User Submitted Posts <= 20260113 - Incorrect Authorization to Unauthenticated Category Restriction Bypass via 'user-submitted-category' Parameter