CVE-2026-8598 CRITICAL

CVE-2026-8598: Unauthenticated Export Service in ZKTeco CCTV Cameras

Vendor Zkteco
Product SSC335-GC2063-Face-0b77 Solution Camera
Weakness CWE-288
Published May 20, 2026
Last update May 20, 2026

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.

Key dates

02Disclosure timeline

May 20, 2026 CVE published
May 20, 2026 Record updated