Part of Lyceum Intelligence — deep-research In Focus reports → · Lyceum Corpus — ask the documents →

Full-text search across 381 articles. Typo-tolerant.

Lyceum News Desk ·

CVE-2026-42370 -- CVSS 9.0 Vulnerability Briefing

CVE-2026-42370 | CVSS 9.0 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-42370 is a stack overflow vulnerability in the WebCam Server Login component of GeoVision GV-VMS Firmware and GV-VMS V20 version 20.0.2, a video management system platform used for IP camera and surveillance infrastructure.

Technical Detail

The flaw exists in the HTTP request handling logic of the WebCam Server Login functionality, where insufficient bounds checking on attacker-supplied input allows a stack buffer overflow condition. A remote attacker can trigger this by sending a specially crafted HTTP request to the affected service, corrupting stack memory in a manner that enables arbitrary code execution. Successful exploitation results in full RCE on the host system running GV-VMS, with no indication that authentication is required as a precondition.

Exploitation Status

No known exploit code has been publicly identified or confirmed at this time. The vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. Despite the absence of a confirmed exploit, the CVSS score of 9.0 and the RCE impact warrant elevated attention, particularly given that video management systems are frequently internet-exposed.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this CVE in available intelligence sources as of May 10, 2026.

What To Do

Organizations running GeoVision GV-VMS V20 version 20.0.2 should apply any available vendor patch or firmware update immediately, prioritizing systems with the WebCam Server service exposed to untrusted networks. If a patch is not yet available, restrict network access to the GV-VMS WebCam Server port using firewall rules or network segmentation, and place the system behind a VPN or access-controlled perimeter. Monitor for anomalous HTTP traffic targeting the login endpoint, unexpected process spawning from the GV-VMS service, and any signs of lateral movement originating from surveillance server hosts. Given the critical CVSS rating and RCE potential, this should be treated as a high-priority remediation item regardless of current exploit maturity.

In Focus
All analysis →

Deep-research intelligence reports from Lyceum Intelligence — structured assessments with sourced claims and calibrated conclusions.

Browse Intelligence Reports →