CVE-2026-40619: CWE-532: Insertion of Sensitive Information into Log File in Genetec Inc. Genetec Security Center
A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of active exploitation. This vulnerability is associated with specific installation package builds rather than the product version identifier alone. Certain versions (including 5.10.4.0, 5.11.3.0, 5.12.2.0 and 5.13.3.0) were released with both vulnerable and remediated installation packages under the same version number. Consequently, version-based comparison alone is insufficient to determine exposure. Only installations performed using vulnerable builds are affected. Remediated builds can be distinguished using verified installation package hashes. For the complete list of fixed build hashes, refer to the security advisory section.
AI Analysis
Technical Summary
This vulnerability (CWE-532) involves the insertion of sensitive information, specifically Server Admin credentials, into log files on Genetec Security Center main servers. An attacker with local operating system privileges could leverage this to gain unauthorized access to administrative credentials. The issue was discovered by a third party engaged by Genetec. The vulnerability is tied to certain installation package builds rather than solely to product version numbers, complicating exposure assessment. Affected versions span from 5.7 SR6 through 5.13.3.0, but only installations using vulnerable builds are impacted. Remediated builds can be identified by verified installation package hashes. The CVSS v3.1 base score is 7.8, indicating high severity with local attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability.
Potential Impact
If exploited, an attacker with local OS access to the main server could obtain Server Admin credentials, potentially leading to full administrative control over the Genetec Security Center environment. This compromises confidentiality, integrity, and availability of the system. However, there is currently no evidence of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vulnerability is tied to specific installation package builds rather than version numbers alone, organizations should verify their installation package hashes against the vendor's list of fixed builds. Until an official fix or update is provided, restrict local OS access to trusted personnel only to reduce risk. Monitor Genetec's security advisories for updates on remediation.
CVE-2026-40619: CWE-532: Insertion of Sensitive Information into Log File in Genetec Inc. Genetec Security Center
Description
A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of active exploitation. This vulnerability is associated with specific installation package builds rather than the product version identifier alone. Certain versions (including 5.10.4.0, 5.11.3.0, 5.12.2.0 and 5.13.3.0) were released with both vulnerable and remediated installation packages under the same version number. Consequently, version-based comparison alone is insufficient to determine exposure. Only installations performed using vulnerable builds are affected. Remediated builds can be distinguished using verified installation package hashes. For the complete list of fixed build hashes, refer to the security advisory section.
CVSS v3.1
Score 7.8high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-532) involves the insertion of sensitive information, specifically Server Admin credentials, into log files on Genetec Security Center main servers. An attacker with local operating system privileges could leverage this to gain unauthorized access to administrative credentials. The issue was discovered by a third party engaged by Genetec. The vulnerability is tied to certain installation package builds rather than solely to product version numbers, complicating exposure assessment. Affected versions span from 5.7 SR6 through 5.13.3.0, but only installations using vulnerable builds are impacted. Remediated builds can be identified by verified installation package hashes. The CVSS v3.1 base score is 7.8, indicating high severity with local attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability.
Potential Impact
If exploited, an attacker with local OS access to the main server could obtain Server Admin credentials, potentially leading to full administrative control over the Genetec Security Center environment. This compromises confidentiality, integrity, and availability of the system. However, there is currently no evidence of active exploitation in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vulnerability is tied to specific installation package builds rather than version numbers alone, organizations should verify their installation package hashes against the vendor's list of fixed builds. Until an official fix or update is provided, restrict local OS access to trusted personnel only to reduce risk. Monitor Genetec's security advisories for updates on remediation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Genetec
- Date Reserved
- 2026-04-27T16:27:39.879Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1efb66e29bf47b50db3514
Added to database: 6/2/2026, 3:48:54 PM
Last enriched: 6/2/2026, 4:05:29 PM
Last updated: 6/3/2026, 4:57:16 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.