Home

Description

Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976(MR1), 9.30 prior to vEL9.30.3382 (MR4), 9.20 prior to vEL9.20.3783 (MR6), 9.10 prior to vEL9.10.4647 (MR9), all versions of 9.00 and prior.

PUBLISHED Reserved 2026-03-01 | Published 2026-03-03 | Updated 2026-03-03 | Assigner Gallagher




LOW: 2.5CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-667 Improper Locking

Product status

Default status
affected

Any version
affected

9.40 (custom) before 9.40.1976(MR1)
affected

9.30 (custom) before 9.30.3382 (MR4)
affected

9.20 (custom) before 9.20.3783 (MR6)
affected

9.10 (custom) before 9.10.4647 (MR9)
affected

References

security.gallagher.com/...Security-Advisories/CVE-2026-20757

cve.org (CVE-2026-20757)

nvd.nist.gov (CVE-2026-20757)

Download JSON