CVE-2026-20801: CWE-319 Cleartext Transmission of Sensitive Information in Gallagher NxWitness VMS and Hanwha VMS Integrations
Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration prior to 9.10.017 and Gallagher Hanwha VMS integration prior to 9.10.025.
AI Analysis
Technical Summary
CVE-2026-20801 is a vulnerability categorized under CWE-319, which involves the cleartext transmission of sensitive information. Specifically, this flaw exists in components used by Gallagher NxWitness VMS and Hanwha VMS integrations, which are video management systems widely used for security surveillance. The vulnerability allows an attacker with local network access but no privileges or user interaction to intercept live video streams transmitted without encryption. This exposure arises because sensitive data, including live video feeds, are sent over the network in plaintext, enabling eavesdropping and unauthorized viewing. The affected versions include all releases prior to 9.10.017 for Gallagher NxWitness VMS integration and prior to 9.10.025 for Gallagher Hanwha VMS integration. The CVSS v3.1 base score is 5.6 (medium), reflecting network attack vector, high attack complexity, no privileges required, no user interaction, and limited confidentiality, integrity, and availability impacts. No known exploits have been reported in the wild, and no official patches have been linked yet, though vendors typically address such issues in subsequent updates. The vulnerability's root cause is the lack of encryption or secure transmission protocols for sensitive video data, violating best practices for protecting surveillance streams. This flaw could be exploited in environments where attackers have access to the same local network segment, such as corporate LANs, wireless networks, or poorly segmented networks, allowing them to capture and view live video streams without authorization.
Potential Impact
The primary impact of this vulnerability is the unauthorized disclosure of live video streams, compromising confidentiality. This can lead to privacy violations, exposure of sensitive operational environments, and potential intelligence gathering by malicious actors. Organizations relying on these VMS integrations for physical security monitoring could have their surveillance data intercepted, undermining security posture and trust in video monitoring systems. Although the integrity and availability impacts are limited, the confidentiality breach alone can have serious consequences, especially in critical infrastructure, government facilities, and high-security commercial environments. The requirement for local network access limits remote exploitation but does not eliminate risk in environments with shared or poorly segmented networks, including wireless or guest networks. Attackers could leverage this vulnerability to conduct reconnaissance, plan physical intrusions, or gain insights into security operations. The absence of authentication or user interaction requirements lowers the barrier for exploitation by insiders or lateral movement attackers. Overall, the vulnerability poses a moderate risk that could escalate if combined with other attack vectors or if exploited in sensitive contexts.
Mitigation Recommendations
Organizations should immediately assess their deployment of Gallagher NxWitness VMS and Hanwha VMS integrations to identify affected versions. Until patches are available, network segmentation is critical to restrict access to VMS components only to authorized devices and personnel. Implement VLANs, firewall rules, and access control lists to isolate VMS traffic from general network segments and guest or wireless networks. Employ network monitoring to detect unauthorized sniffing or unusual traffic patterns around VMS streams. Where possible, use VPNs or encrypted tunnels (e.g., IPsec, TLS) to protect video stream transmissions within the local network. Coordinate with Gallagher to obtain and apply official patches or updates as soon as they are released. Review and harden network infrastructure to minimize local network access by untrusted users. Additionally, consider deploying endpoint security controls to detect and prevent packet capture tools. Conduct regular security audits and penetration tests focusing on network segmentation and data transmission security for video management systems. Finally, educate staff about the risks of local network access and enforce strict physical and logical access controls.
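The first step above, identifying affected versions, as an added example (not Gallagher tooling or code from this page): a triage script that compares installed integration versions against the fixed releases named in the description. The CSV layout, host names and sample versions are constructed, and the three-part numeric version format is assumed from the versions quoted on the page.

```python
import csv
import io
import re

# First fixed release per integration, taken from the advisory text.
FIXED = {
    "nxwitness": (9, 10, 17),
    "hanwha": (9, 10, 25),
}

# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = """\
host,integration,version
cc-server-01,NxWitness,9.10.016
cc-server-02,NxWitness,9.10.017
cc-server-03,Hanwha,9.10.024
cc-server-04,Hanwha,9.20.001
cc-server-05,Hanwha,unknown
cc-server-06,NxWitness,9.9.100
"""

def parse_version(text):
    """Turn '9.10.017' into (9, 10, 17); return None unless it is three dotted numbers."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None

def triage(inventory_csv):
    """Return {host: status} where status is 'affected', 'fixed' or 'review'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["integration"].strip().lower())
        version = parse_version(row["version"])
        if fixed is None or version is None:
            # Unknown product or unparseable version: never assume it is safe.
            results[row["host"]] = "review"
        elif version < fixed:
            # Numeric tuple comparison, so 9.9.100 sorts before 9.10.017.
            results[row["host"]] = "affected"
        else:
            results[row["host"]] = "fixed"
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `affected` or `review` are the ones to prioritise for the segmentation and tunnelling measures while updates are scheduled.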
Affected Countries
United States, United Kingdom, Australia, Canada, Germany, France, Japan, South Korea, Singapore, United Arab Emirates
Technical Details
- Data Version: 5.2
- Assigner Short Name: Gallagher
- Date Reserved: 2026-03-01T23:45:09.734Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69a652fcd1a09e29cba9d61c
Added to database: 3/3/2026, 3:18:20 AM
Last enriched: 3/10/2026, 5:30:44 PM
Last updated: 4/16/2026, 9:52:48 AM