CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-13125

highCVSS 8.8covered by 1 sourcefirst seen 2026-07-02
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. In order to access the websocket server, no authentication is required. As such, any malicious website can attempt to open a connection to the server and potentially access sensitive APIs. In particular, it's possible to call a combination of the create method and getScreenCapture to retrieve the content of the user's screen.

⚡ Watch CVE-2026-13125

Get an email if CVE-2026-13125 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-13125

CVE.org record

Embed the live status

CVE-2026-13125 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-13125 status](https://www.csirts.com/badge/CVE-2026-13125)](https://www.csirts.com/cve/CVE-2026-13125)