CVE-2026-20801 in NxWitness VMS
Summary
by MITRE • 03/03/2026
Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams.
This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.
Analysis
by VulDB Data Team • 03/04/2026
The vulnerability identified as CVE-2026-20801 is a critical cleartext transmission flaw that undermines the security of video management systems through the improper handling of sensitive data. The weakness falls under CWE-319, which covers the transmission of sensitive information in cleartext over networks, leaving it susceptible to interception and eavesdropping. The affected systems are the Gallagher NxWitness VMS integration and the Gallagher Hanwha VMS integration, which are widely deployed in enterprise security environments for video surveillance and monitoring. The vulnerability exists within the communication protocols these systems use to transmit live video streams and associated metadata across local network connections.
The vulnerability stems from the lack of encryption in data transmission between the video management system components and the client applications that access live feeds. Unprivileged users with local network access can intercept and decode the transmitted video streams without requiring authentication or authorization. This occurs because the systems transmit video data, including metadata such as timestamps, camera identifiers, and location information, in cleartext over the network. The flaw is particularly concerning because it operates at the network layer, allowing attackers to capture the data stream without requiring any specialized tools or deep technical knowledge beyond basic network monitoring capabilities.
The operational impact of this vulnerability extends beyond simple information disclosure, as it fundamentally compromises the integrity and confidentiality of video surveillance systems. Organizations relying on these VMS platforms for security monitoring face significant risks, including unauthorized access to live surveillance feeds, potential exposure of sensitive operational data, and the ability for attackers to gain situational awareness of physical security environments. All versions prior to the fixed releases are affected: remediation requires version 9.10.017 of the Gallagher NxWitness VMS integration and version 9.10.025 of the Gallagher Hanwha VMS integration. Organizations with legacy systems or delayed patching processes may remain vulnerable to exploitation for extended periods.
Security professionals should consider this vulnerability in the context of broader attack patterns documented in the MITRE ATT&CK framework, particularly under the data exposure and credential access categories. The vulnerability aligns with techniques that leverage network sniffing and man-in-the-middle attacks to capture sensitive information, making it a prime target for adversaries seeking to compromise security infrastructure. Organizations should implement immediate mitigations including network segmentation to isolate VMS components, deployment of network monitoring tools to detect unusual traffic patterns, and enforcement of encryption protocols for all video transmission channels. The remediation process requires careful planning to ensure that patching does not disrupt existing surveillance operations while maintaining the security posture of the entire system infrastructure.
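The fixed versions named above can be checked against an asset inventory. The following is an added example, not vendor or VulDB code: the inventory rows and host names are constructed, and the component-wise numeric comparison of the dotted version strings is an assumption about the version scheme.

```python
# Added example: patch-level audit for CVE-2026-20801 (not vendor code).
# Fixed versions come from the advisory text; the inventory rows, host names
# and the numeric dotted-version comparison are assumptions.
import csv
import io

FIXED = {
    "Gallagher NxWitness VMS integration": (9, 10, 17),   # 9.10.017
    "Gallagher Hanwha VMS integration": (9, 10, 25),      # 9.10.025
}

# Constructed sample inventory (host, product, installed version).
SAMPLE_INVENTORY = """host,product,version
cc-server-01,Gallagher NxWitness VMS integration,9.10.016
cc-server-02,Gallagher NxWitness VMS integration,9.10.017
cc-server-03,Gallagher Hanwha VMS integration,9.10.024
cc-server-04,Gallagher Hanwha VMS integration,9.20.001
cc-server-05,Gallagher Hanwha VMS integration,unknown
cc-server-06,Some other integration,1.0.0
"""


def parse_version(text):
    """Return a tuple of ints for 'a.b.c', or None if it is not numeric."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def audit(inventory_csv):
    """Classify each host: 'vulnerable', 'fixed', 'unknown' or 'not-listed'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["product"].strip())
        installed = parse_version(row["version"])
        if fixed is None:
            status = "not-listed"   # product is not named in the advisory
        elif installed is None:
            status = "unknown"      # unparseable version: verify by hand
        elif installed < fixed:
            status = "vulnerable"   # prior to the fixed release
        else:
            status = "fixed"
        results[row["host"]] = status
    return results


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` should be treated as unpatched until the installed version is confirmed.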