{"api_version":"1","generated_at":"2026-07-13T21:12:27+00:00","cve":"CVE-2026-26053","urls":{"html":"https://cve.report/CVE-2026-26053","api":"https://cve.report/api/cve/CVE-2026-26053.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-26053","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-26053"},"summary":{"title":"CVE-2026-26053","description":"An Incorrect Privilege Assignment (CWE-266) vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), all versions of 9.10.","state":"PUBLISHED","assigner":"Gallagher","published_at":"2026-07-07 05:16:50","updated_at":"2026-07-07 14:16:29"},"problem_types":["CWE-266","CWE-266 CWE-266 Incorrect privilege assignment"],"metrics":[{"version":"3.1","source":"disclosures@gallagher.com","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-26053","name":"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-26053","refsource":"disclosures@gallagher.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-26053","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26053","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Gallagher","product":"Command Centre Server","version":"affected 9.10 custom","platforms":[]},{"source":"CNA","vendor":"Gallagher","product":"Command Centre Server","version":"affected 9.50 vEL9.50.1587(MR1) custom","platforms":[]},{"source":"CNA","vendor":"Gallagher","product":"Command Centre Server","version":"affected 9.40 vEL9.40.3130(MR3) custom","platforms":[]},{"source":"CNA","vendor":"Gallagher","product":"Command Centre Server","version":"affected 9.30 vEL9.30.3983(MR5) custom","platforms":[]},{"source":"CNA","vendor":"Gallagher","product":"Command Centre Server","version":"affected 9.20 vEL9.20.4349(MR7) custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"26053","cve":"CVE-2026-26053","epss":"0.001530000","percentile":"0.048390000","score_date":"2026-07-09","updated_at":"2026-07-10 00:08:29"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-26053","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-07-07T13:37:41.225293Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-07T13:37:52.035Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Command Centre Server","vendor":"Gallagher","versions":[{"status":"affected","version":"9.10","versionType":"custom"},{"lessThan":"vEL9.50.1587(MR1)","status":"affected","version":"9.50","versionType":"custom"},{"lessThan":"vEL9.40.3130(MR3)","status":"affected","version":"9.40","versionType":"custom"},{"lessThan":"vEL9.30.3983(MR5)","status":"affected","version":"9.30","versionType":"custom"},{"lessThan":"vEL9.20.4349(MR7)","status":"affected","version":"9.20","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An&nbsp;Incorrect Privilege Assignment (CWE-266)&nbsp;vulnerability in&nbsp;the Command Centre Server&nbsp;allows an&nbsp;authenticated operator with limited privileges&nbsp;to perform some operations that they would not normally be authorized to perform.&nbsp;<div>Version of Command Centre affected:&nbsp;9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), all versions of 9.10.&nbsp;</div>"}],"value":"An Incorrect Privilege Assignment (CWE-266) vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), all versions of 9.10."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-266","description":"CWE-266 Incorrect privilege assignment","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-07T03:48:47.708Z","orgId":"0c426f27-3ee1-4eff-be88-288d5a1822bc","shortName":"Gallagher"},"references":[{"url":"https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-26053"}],"source":{"discovery":"INTERNAL"},"x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"0c426f27-3ee1-4eff-be88-288d5a1822bc","assignerShortName":"Gallagher","cveId":"CVE-2026-26053","datePublished":"2026-07-07T03:48:47.708Z","dateReserved":"2026-03-01T23:45:09.665Z","dateUpdated":"2026-07-07T13:37:52.035Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-07 05:16:50","lastModifiedDate":"2026-07-07 14:16:29","problem_types":["CWE-266","CWE-266 CWE-266 Incorrect privilege assignment"],"metrics":{"cvssMetricV31":[{"source":"disclosures@gallagher.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-07T13:37:41.225293Z","id":"CVE-2026-26053","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"26053","Ordinal":"1","Title":"CVE-2026-26053","CVE":"CVE-2026-26053","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"26053","Ordinal":"1","NoteData":"An Incorrect Privilege Assignment (CWE-266) vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587(MR1), 9.40 prior to vEL9.40.3130(MR3), 9.30 prior to vEL9.30.3983(MR5), 9.20 prior to vEL9.20.4349(MR7), all versions of 9.10.","Type":"Description","Title":"CVE-2026-26053"}]}}}