Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2026-42368 -- CVSS 9.9 Vulnerability Briefing

CVE-2026-42368 | CVSS 9.9 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-42368 is a privilege escalation vulnerability in the web interface of GeoVision GV-LPC2011 and GV-LPC2211 license plate capture devices running firmware version 1.10, allowing an unauthenticated or low-privileged attacker to execute privileged operations via crafted HTTP requests.

Technical Detail

The flaw resides in the web management interface of the affected GeoVision firmware, where insufficient authorization controls permit a specially crafted HTTP request to invoke privileged functionality without proper permission validation. An attacker with network access to the device's web interface can trigger this condition by sending a malformed or manipulated HTTP request that bypasses privilege checks, resulting in unauthorized execution of administrative or system-level operations. The impact includes full device compromise, potential configuration manipulation, and possible use of the device as a pivot point within the network segment it monitors.

Exploitation Status

No known exploit code has been publicly identified at this time, and the vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities catalog. The exploit maturity is assessed as no known exploit, meaning active in-the-wild exploitation has not been confirmed as of May 10, 2026. However, the high CVSS score of 9.9 and the nature of the attack surface warrant proactive attention regardless of current exploitation status.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this vulnerability in available intelligence. GeoVision devices are commonly deployed in physical security and surveillance environments, which historically attract interest from actors targeting critical infrastructure and corporate networks, but no confirmed targeting of this specific CVE has been observed.

What To Do

Organizations running GeoVision GV-LPC2011 or GV-LPC2211 devices on firmware version 1.10 should check with GeoVision for an available firmware update and apply it immediately given the critical severity rating. If a patch is not yet available, restrict network access to the device web interface by placing affected devices behind a firewall or network access control policy that limits exposure to trusted management hosts only. Remote access to the web interface should be disabled if not operationally required. Defenders should monitor for anomalous HTTP requests targeting these devices, particularly requests that result in unexpected configuration changes or administrative actions. Given the CVSS score of 9.9, this should be treated as a high-priority remediation item even in the absence of confirmed active exploitation.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →