CVE-2026-55727

Genetec Inc. · Genetec Security Center

An improper authentication flaw in Genetec Security Center 5 allows unauthenticated attackers to potentially retrieve live video streams.

Executive summary

A critical authentication flaw in Genetec Security Center 5 allows unauthenticated access to live video streams, necessitating an immediate software update.

Vulnerability

This vulnerability (CWE-287) involves an improper authentication mechanism for video stream requests. It allows an unauthenticated attacker to bypass security controls and access live video feeds from the system.

Business impact

The ability for an unauthorized party to view live surveillance feeds represents a severe breach of physical security and organizational privacy. With a CVSS score of 7.5, this vulnerability could be exploited to conduct reconnaissance or monitor sensitive areas, leading to significant reputational and operational damage.

Remediation

Immediate Action: Upgrade all instances of Genetec Security Center to build 5.14.178.18 or later to resolve the authentication vulnerability.

Proactive Monitoring: Review system audit logs for unauthorized access attempts to video streaming services and monitor for unexpected connections to internal media servers.

Compensating Controls: Restrict network access to the Security Center video streaming components to trusted internal subnets using firewall rules until the patch can be deployed.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Security teams should treat this vulnerability with high urgency given the direct impact on physical surveillance systems. The vendor has provided a specific fix; updating to the specified build version is the only definitive way to mitigate this risk.