CVE-2026-20801 is a vulnerability classified under CWE-319, which pertains to the cleartext transmission of sensitive information. Specifically, this flaw affects the Gallagher NxWitness Video Management System (VMS) integration and the Gallagher Hanwha VMS integration components. These integrations transmit live video streams without adequate encryption, allowing any unprivileged user with access to the local network to intercept and view these streams. The vulnerability affects all versions of Gallagher NxWitness VMS integration prior to version 9.10.017 and Gallagher Hanwha VMS integration prior to version 9.10.025. The attack vector is network-based, requiring the attacker to be on the same local network segment as the vulnerable system. The attack complexity is high, meaning some conditions must be met for successful exploitation, but no privileges or user interaction are required. The CVSS v3.1 base score is 5.6, reflecting medium severity with partial impacts on confidentiality, integrity, and availability. The vulnerability compromises confidentiality by exposing live video feeds, integrity by potentially allowing unauthorized viewing, and availability to a limited degree if the streams are disrupted. No public exploits have been reported yet, but the risk remains significant for environments relying on these VMS integrations for security monitoring. The lack of encryption in video stream transmission highlights a critical design weakness in these integrations, necessitating prompt remediation.

The primary impact of CVE-2026-20801 is the unauthorized disclosure of live video streams, which can lead to significant privacy violations and intelligence gathering by malicious actors. Organizations relying on Gallagher NxWitness and Hanwha VMS integrations for physical security and surveillance may have their monitoring capabilities compromised, potentially allowing attackers to observe sensitive areas undetected. This can facilitate further attacks, espionage, or sabotage. The vulnerability also undermines trust in the security infrastructure, possibly affecting compliance with data protection regulations. Although the attack requires local network access and has high complexity, insider threats or attackers who gain network access through other means could exploit this vulnerability. The limited impact on integrity and availability means attackers might also disrupt video streams or manipulate data, though this is less likely. Overall, the vulnerability poses a moderate risk to organizations worldwide, especially those in critical infrastructure, government, and large enterprises with extensive video surveillance deployments.

1. Upgrade Gallagher NxWitness VMS integration to version 9.10.017 or later and Gallagher Hanwha VMS integration to version 9.10.025 or later as soon as patches become available. 2. Until patches are applied, implement network segmentation to isolate VMS integrations from untrusted or general user networks, restricting local network access only to authorized personnel and systems. 3. Employ network-level encryption such as VPNs or secure tunnels (e.g., IPsec) to protect video stream transmissions within the local network. 4. Monitor network traffic for unusual access patterns or unauthorized sniffing attempts targeting VMS components. 5. Enforce strict access controls and authentication mechanisms on the local network to reduce the risk of unauthorized access. 6. Conduct regular security audits and penetration testing focused on VMS infrastructure to identify and remediate additional weaknesses. 7. Educate staff about the risks of local network exposure and insider threats related to video surveillance systems. 8. Collaborate with Gallagher support for any interim security advisories or workarounds prior to patch availability.