Home

Description

Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted. Mitigation: For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\Gallagher\Command Centre.

PUBLISHED Reserved 2026-03-01 | Published 2026-05-25 | Updated 2026-05-26 | Assigner Gallagher




HIGH: 8.1CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H

Problem types

CWE-532 Insertion of sensitive information into log file

Product status

Default status
unaffected

9.40 (custom) before 9.40.2575 (MR2)
affected

Default status
affected

Any version before 9.10.05
affected

Default status
affected

Any version before 9.30.104
affected

Default status
affected

Any version before 2.0.9
affected

Default status
affected

Any version before 10.0.8
affected

Default status
affected

Any version before 9.60.10
affected

Default status
unaffected

1.0 (custom) before 1.0.10
affected

2.0 (custom) before 2.0.5
affected

Default status
affected

Any version before 8.70.62
affected

Default status
affected

Any version before 8.90.16
affected

Default status
affected

Any version before 8.90.34
affected

Default status
affected

Any version before 9.60.21
affected

Default status
affected

Any version before 9.40.05
affected

Default status
affected

Any version before 9.60.02
affected

Default status
affected

Any version before 10.1.0
affected

References

security.gallagher.com/...Security-Advisories/CVE-2026-25193

cve.org (CVE-2026-25193)

nvd.nist.gov (CVE-2026-25193)

Download JSON