CVE Tools

gallagher

Security Productscommercial

50

Cumulative CVEs

10

Monthly snapshots

#65

Peak rank

Top products

command centre server5

Latest CVEs

The 15 most recently published vulnerabilities affecting gallagher.

CVE-2026-25193Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure.  Mitigating Factor: Only sites that inst...8.1May 25, 2026
CVE-2026-20801Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network acc...5.6Mar 3, 2026
CVE-2026-20757Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Comm...2.5Mar 3, 2026
CVE-2025-47147Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract th...5.7Mar 3, 2026
CVE-2025-64734Missing Release of Resource after Effective Lifetime (CWE-772) in the T21 Reader allows an attacker with physical access to the Reader to perform a denial-of-service attack against that specific re...2.4Nov 18, 2025
CVE-2025-52578Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE- 335) vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device comm...5.7Nov 18, 2025
CVE-2025-52457Observable Timing Discrepancy (CWE-208) in HBUS devices may allow an attacker with physical access to the device to extract device-specific keys, potentially compromising further site security. T...5.7Nov 18, 2025
CVE-2025-48430Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 ...5.5Oct 23, 2025
CVE-2025-48428Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing key ...6.7Oct 23, 2025
CVE-2025-47699Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make ...9.9Oct 23, 2025
CVE-2025-41402Client-Side Enforcement of Server-Side Security (CWE-602) in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects C...5.5Oct 23, 2025
CVE-2025-35981Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not...5.5Oct 23, 2025
CVE-2025-46406A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across t...5.6Jul 10, 2025
CVE-2025-44003Missing Release of Resource after Effective Lifetime (CWE-772) in the Gallagher T-Series Reader allows an attacker with physical access to the reader to perform a limited denial of service when 125...4.3Jul 10, 2025
CVE-2025-35983Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides d...6.5Jul 10, 2025