CVE-2026-4606: CWE-250 Execution with unnecessary privileges in GeoVision GV-Edge Recording Manager
CVE-2026-4606 is a critical local privilege escalation vulnerability in GeoVision's GV-Edge Recording Manager (ERM) version 2.3.1. The application improperly runs components with SYSTEM-level privileges, including Windows file dialogs invoked by functions like 'Import Data'. This allows any local user to execute actions with full SYSTEM privileges, enabling modification or deletion of protected system files. The vulnerability arises because ERM creates a Windows service running as LocalSystem and spawns processes under this context rather than the logged-in user's security context. Exploitation requires local access but no authentication or user interaction. This flaw can lead to full system compromise, making it a severe threat to organizations using this software. No known exploits are currently reported in the wild. Immediate patching or mitigation is critical to prevent potential attacks.
AI Analysis
Technical Summary
CVE-2026-4606 is a critical vulnerability identified in GeoVision's GV-Edge Recording Manager (ERM) version 2.3.1, categorized under CWE-250: Execution with Unnecessary Privileges. The root cause is that ERM installs a Windows service running under the LocalSystem account, which is the highest privilege level on Windows systems. When the ERM application launches, it spawns related processes that inherit SYSTEM-level privileges instead of running under the logged-in user's security context. This design flaw extends to application functions that invoke Windows file open/save dialogs, such as the 'Import Data' feature. These dialogs operate with SYSTEM privileges, allowing any local user to manipulate protected system files and directories, including modification or deletion. Because the vulnerability does not require authentication, user interaction, or elevated privileges initially, any local user can exploit it to escalate privileges to SYSTEM level. This can lead to full control over the operating system, enabling attackers to install malware, disable security controls, or exfiltrate sensitive data. The vulnerability has a CVSS 4.0 base score of 10.0, reflecting its critical severity and wide impact. Although no known exploits have been reported in the wild yet, the vulnerability's nature and ease of exploitation make it a high-risk issue for organizations using GV-Edge Recording Manager 2.3.1.
Potential Impact
The impact of CVE-2026-4606 is severe for organizations worldwide using GV-Edge Recording Manager version 2.3.1. Since the vulnerability allows any local user to escalate privileges to SYSTEM level, it effectively grants full control over affected Windows systems. This can lead to unauthorized installation of persistent malware, disabling or bypassing of security mechanisms, unauthorized access to sensitive data, and potential lateral movement within networks. Systems running ERM in critical infrastructure environments such as surveillance, security monitoring, or physical access control are particularly at risk. The vulnerability undermines the principle of least privilege and can facilitate insider threats or attacks by adversaries who have gained limited local access. Given the critical nature of the flaw and the high privileges involved, exploitation could result in complete system compromise, data breaches, operational disruption, and significant remediation costs.
Mitigation Recommendations
To mitigate CVE-2026-4606, organizations should immediately upgrade GV-Edge Recording Manager to a patched version once released by GeoVision. Until a patch is available, implement the following specific measures:
1) Restrict local user access on systems running ERM to trusted administrators only, minimizing the risk of unprivileged users exploiting the flaw.
2) Use Windows Group Policy to limit access to the ERM service and related executables, preventing unauthorized execution.
3) Employ application whitelisting to control which processes can run with elevated privileges.
4) Monitor and audit local user activities on ERM hosts for suspicious behavior, especially file system changes involving protected directories.
5) Consider running ERM in a dedicated, isolated environment or virtual machine with strict access controls to contain potential exploitation.
6) Disable or restrict the use of ERM functions that invoke file dialogs until the vulnerability is resolved.
7) Implement endpoint detection and response (EDR) solutions capable of detecting privilege escalation attempts.
These targeted mitigations go beyond generic advice by focusing on controlling local user privileges, restricting access to vulnerable components, and monitoring for exploitation attempts.
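As an added example (not GeoVision's code and not part of the original advisory), the following PowerShell audit checks a host for the condition described above: a LocalSystem service plus SYSTEM-owned processes that hold a window in an interactive user session. The `$NamePattern` default is an assumption, since the advisory does not name the service or its executables; set it to match the ERM installation on the host.

```powershell
# Added example. Run from an elevated prompt so process owners can be resolved.
# $NamePattern is an assumption: adjust it to the ERM service name or install path.
param([string]$NamePattern = '*GeoVision*')

# 1) Services configured to run as LocalSystem that match the pattern.
$services = Get-CimInstance -ClassName Win32_Service | Where-Object {
    $_.StartName -eq 'LocalSystem' -and (
        $_.Name -like $NamePattern -or
        $_.DisplayName -like $NamePattern -or
        $_.PathName -like $NamePattern)
}
$services | Select-Object Name, DisplayName, StartName, State, ProcessId, PathName |
    Format-List

# 2) Processes in an interactive session (SessionId > 0) that own a top-level
#    window. Collect them first, keyed by PID, so the owner lookup stays small.
$windowed = @{}
Get-Process | Where-Object { $_.SessionId -ne 0 -and $_.MainWindowHandle -ne 0 } |
    ForEach-Object { $windowed[[uint32]$_.Id] = $_.MainWindowTitle }

# 3) Keep only those owned by LocalSystem. The SID S-1-5-18 is used instead of
#    the account name so the check is independent of the OS display language.
$findings = foreach ($p in Get-CimInstance -ClassName Win32_Process -Filter 'SessionId <> 0') {
    if (-not $windowed.ContainsKey($p.ProcessId)) { continue }
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwnerSid -ErrorAction SilentlyContinue
    if ($owner -and $owner.ReturnValue -eq 0 -and $owner.Sid -eq 'S-1-5-18') {
        [pscustomobject]@{
            ProcessId            = $p.ProcessId
            ParentProcessId      = $p.ParentProcessId
            SessionId            = $p.SessionId
            Name                 = $p.Name
            WindowTitle          = $windowed[$p.ProcessId]
            Path                 = $p.ExecutablePath
            # True when the parent is one of the services matched in step 1.
            ParentIsMatchedService = ($services.ProcessId -contains $p.ParentProcessId)
        }
    }
}

if ($findings) {
    $findings | Sort-Object SessionId, Name | Format-Table -AutoSize
} else {
    Write-Output 'No SYSTEM-owned windowed processes found in interactive sessions.'
}
```

Any row returned in step 3 is a process with a window on a user's desktop while running as SYSTEM; rows whose parent is a matched service are the ones to review first when applying mitigations 2, 4 and 6.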
Affected Countries
United States, China, Japan, South Korea, Germany, United Kingdom, France, Canada, Australia, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: GV
- Date Reserved: 2026-03-23T00:46:43.918Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69c097cbf4197a8e3bd66623
Added to database: 3/23/2026, 1:30:51 AM
Last enriched: 3/30/2026, 8:48:16 PM
Last updated: 5/7/2026, 5:01:32 AM