CVE-2026-55727
Genetec Inc. · Genetec Security Center
An improper authentication flaw in Genetec Security Center 5 allows unauthenticated attackers to potentially retrieve live video streams.
Executive summary
A critical authentication flaw in Genetec Security Center 5 allows unauthenticated access to live video streams, necessitating an immediate software update.
Vulnerability
This vulnerability (CWE-287) involves an improper authentication mechanism for video stream requests. It allows an unauthenticated attacker to bypass security controls and access live video feeds from the system.
Business impact
The ability for an unauthorized party to view live surveillance feeds represents a severe breach of physical security and organizational privacy. With a CVSS score of 7.5, this vulnerability could be exploited to conduct reconnaissance or monitor sensitive areas, leading to significant reputational and operational damage.
Remediation
Immediate Action: Upgrade all instances of Genetec Security Center to build 5.14.178.18 or later to resolve the authentication vulnerability.
Proactive Monitoring: Review system audit logs for unauthorized access attempts to video streaming services and monitor for unexpected connections to internal media servers.
Compensating Controls: Restrict network access to the Security Center video streaming components to trusted internal subnets using firewall rules until the patch can be deployed.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Security teams should treat this vulnerability with high urgency given the direct impact on physical surveillance systems. The vendor has provided a specific fix; updating to the specified build version is the only definitive way to mitigate this risk.