CVE-2026-7372 -- CVSS 9.0 Vulnerability Briefing

CVE-2026-7372 | CVSS 9.0 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-7372 is a stack-based buffer overflow vulnerability in the WebCam Server Login component of GeoVision GV-VMS Firmware and GV-VMS V20 version 20.0.2, a video management system platform used for IP camera and surveillance infrastructure management.

Technical Detail

The flaw exists in the HTTP request handling logic of the WebCam Server Login functionality, where a specially crafted HTTP request can trigger a stack buffer overflow condition. An attacker can exploit this remotely by sending a malformed request to the affected service, overwriting stack memory and redirecting execution flow. Successful exploitation results in arbitrary code execution on the underlying host, with the potential to fully compromise the affected system.

Exploitation Status

No known exploit code has been publicly observed or confirmed as of May 10, 2026. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. Exploit maturity is currently assessed as "no known exploit", though the critical CVSS score of 9.0 and the nature of the flaw make it a candidate for future weaponization.

Who Is Targeting This

No specific threat actor attribution at this time. No campaigns or targeted sectors have been associated with this CVE in available intelligence. Surveillance and physical security infrastructure broadly attract interest from both criminal and nation-state actors, but no confirmed targeting of this vulnerability has been identified.

What To Do

Organizations running GeoVision GV-VMS V20 version 20.0.2 should treat this as a high-priority patch given the critical severity rating and the remote code execution impact. Apply any vendor-issued patches or firmware updates for GV-VMS immediately upon availability. If patching cannot be completed promptly, restrict network access to the WebCam Server Login interface by placing it behind a firewall or VPN and blocking direct internet exposure. Monitor for anomalous HTTP traffic targeting the WebCam Server service, particularly requests with oversized or malformed input fields. Contact GeoVision directly to confirm patch availability and remediation guidance if no update has been released.
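
The monitoring advice above, as an added example (not code from this briefing or from GeoVision): a Python check that flags raw HTTP requests carrying oversized fields or malformed framing. The thresholds, the request path and the field names are assumptions, since the briefing does not name the affected parameter.

```python
from urllib.parse import parse_qsl

# Assumed thresholds: tune to the longest legitimate values in your own traffic.
MAX_FIELD_LEN, MAX_HEADER_LEN, MAX_TARGET_LEN = 256, 1024, 2048

def inspect_request(raw: bytes) -> list[str]:
    """Return reasons a raw HTTP/1.x request looks oversized or malformed."""
    findings = []
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return ["malformed request line"]
    target = parts[1]
    if len(target) > MAX_TARGET_LEN:
        findings.append(f"request target is {len(target)} bytes")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            findings.append("header line without colon")
            continue
        label, value = name.decode("latin-1").strip().lower(), value.strip()
        headers[label] = value
        if len(value) > MAX_HEADER_LEN:
            findings.append(f"header {label} is {len(value)} bytes")
    declared = headers.get("content-length")
    if declared is not None and (not declared.isdigit() or int(declared) != len(body)):
        findings.append("Content-Length does not match body")
    # Inspect each field of the query string and of a URL-encoded form body.
    fields = parse_qsl(target.partition(b"?")[2].decode("latin-1"), keep_blank_values=True)
    if headers.get("content-type", b"").startswith(b"application/x-www-form-urlencoded"):
        fields += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    for key, value in fields:
        if len(value) > MAX_FIELD_LEN:
            findings.append(f"field {key} is {len(value)} chars after decoding")
    return findings

# Constructed samples; the path and field names are placeholders, not GeoVision's.
def _post(body: bytes) -> bytes:
    return (b"POST /login-placeholder HTTP/1.1\r\nHost: vms.example\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)

NORMAL = _post(b"user=operator&pass=example")
OVERSIZED = _post(b"user=" + b"A" * 4000 + b"&pass=x")

if __name__ == "__main__":
    print(inspect_request(NORMAL), inspect_request(OVERSIZED))
```

A non-empty result is a reason to alert on or drop the request at a reverse proxy in front of the service; it does not confirm an exploitation attempt.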
