CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-57272

highCVSS 8.3covered by 1 sourcefirst seen 2026-07-02
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. Many of the commands will take an index value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the index value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound. byPass command index-out-of-bound

⚡ Watch CVE-2026-57272

Get an email if CVE-2026-57272 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-57272

CVE.org record

Embed the live status

CVE-2026-57272 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-57272 status](https://www.csirts.com/badge/CVE-2026-57272)](https://www.csirts.com/cve/CVE-2026-57272)