Home

Description

Uncaught Exception (CWE-248) in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: * 9.50 prior to vCR9.50.260616a (distributed in 9.50.1587(MR1)) * 9.40 prior to vCR9.40.260616a (distributed in 9.40.3130(MR3)) * 9.30 prior to vCR9.30.260616a (distributed in 9.30.3983(MR5)) * 9.20 prior to vCR9.20.260616a (distributed in 9.20.4349(MR7)) * all versions of 9.10 and prior.

PUBLISHED Reserved 2026-03-01 | Published 2026-07-07 | Updated 2026-07-07 | Assigner Gallagher




LOW: 2.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-248 Uncaught exception

Product status

Default status
unaffected

Any version
affected

9.50 (custom) before vCR9.50.260616a
affected

9.40 (custom) before vCR9.40.260616a
affected

9.30 (custom) before vCR9.30.260616a
affected

9.20 (custom) before vCR9.20.260616a
affected

References

security.gallagher.com/...Security-Advisories/CVE-2026-27790

cve.org (CVE-2026-27790)

nvd.nist.gov (CVE-2026-27790)

Download JSON