CVE-2026-7841 HIGH

CVE-2026-7841: GV-ASWeb Remote Code Execution (RCE) vulnerability

Vendor Geovision Inc.
Product ASManager
Weakness CWE-94 · Code injection
Published May 6, 2026
Last update May 7, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the frontend restrictions.

Key dates

02Disclosure timeline

May 6, 2026 CVE published
May 7, 2026 Record updated