CVE-2026-4606: CWE-250 Execution with unnecessary privileges in GeoVision GV-Edge Recording Manager
CVE-2026-4606 is a critical local privilege escalation vulnerability in GeoVision GV-Edge Recording Manager (ERM) version 2.3.1. The application improperly runs components with SYSTEM-level privileges by creating a Windows service under the LocalSystem account and spawning processes with SYSTEM permissions rather than the logged-in user's context. This design flaw allows any local user to execute functions such as 'Import Data' that open Windows file dialogs with SYSTEM privileges, enabling modification or deletion of protected system files. Exploitation requires local access but no authentication or user interaction, potentially leading to full system compromise. No known exploits are currently reported in the wild. Organizations using GV-Edge Recording Manager 2.3.1 should urgently apply patches or implement mitigations to prevent unauthorized privilege escalation and maintain system integrity.
AI Analysis
Technical Summary
The vulnerability CVE-2026-4606 affects GeoVision's GV-Edge Recording Manager (ERM) version 2.3.1, where the application improperly executes components with excessive privileges. During installation, ERM creates a Windows service running under the LocalSystem account, which inherently has the highest privileges on Windows systems. When the ERM application is launched, it spawns related processes under SYSTEM privileges instead of the security context of the logged-in user. This architectural flaw means that any ERM function invoking Windows file open/save dialogs, such as the 'Import Data' feature, operates with SYSTEM-level permissions. Consequently, local users can leverage these dialogs to modify or delete protected system files and directories, effectively escalating their privileges from a standard user to full system control. This vulnerability is classified under CWE-250 (Execution with Unnecessary Privileges), highlighting improper privilege management. The CVSS 4.0 base score is 10.0 (critical), reflecting the vulnerability's ease of exploitation (no authentication or user interaction required), the high impact on confidentiality, integrity, and availability, and the broad scope affecting all systems running the vulnerable ERM version. Although no exploits have been reported in the wild yet, the vulnerability poses a severe risk to any organization using this software, especially those with multiple local users or shared systems.
Potential Impact
The impact of CVE-2026-4606 is severe for organizations worldwide using GV-Edge Recording Manager 2.3.1. Local users, including potentially low-privileged or guest accounts, can escalate their privileges to SYSTEM level, gaining full control over the affected Windows system. This can lead to unauthorized modification or deletion of critical system files, installation of persistent malware, disabling of security controls, and complete system compromise. For organizations relying on GV-Edge Recording Manager for video surveillance or recording management, this vulnerability could allow attackers to tamper with security footage, disrupt monitoring operations, or use compromised systems as footholds for lateral movement within networks. The vulnerability's exploitation does not require network access or user interaction, increasing the risk in environments where multiple users have local access. The potential for full system compromise threatens confidentiality, integrity, and availability of critical systems, making this a high-priority security concern.
Mitigation Recommendations
To mitigate CVE-2026-4606, organizations should immediately upgrade GV-Edge Recording Manager to a patched version once available from GeoVision. In the absence of an official patch, consider the following specific mitigations:
1) Restrict local user access to systems running ERM to trusted administrators only, minimizing the risk of unprivileged users exploiting the vulnerability.
2) Use Windows Group Policy to limit which users can log on locally or interact with the ERM service.
3) Employ application whitelisting and endpoint protection solutions to monitor and block unauthorized attempts to launch or manipulate ERM processes.
4) Audit and monitor file system changes, especially in protected system directories, to detect suspicious activity related to ERM file dialogs.
5) Consider running ERM in a hardened environment or sandbox with reduced privileges if possible, or isolate it on dedicated machines with strict access controls.
6) Regularly review and tighten permissions on the ERM installation directory and related files to prevent unauthorized modifications.
7) Educate system administrators and users about the risks of local privilege escalation vulnerabilities and the importance of least privilege principles.
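The audit below is an added example, not code from GeoVision or from this advisory. It checks a host for the condition described in the technical summary: a LocalSystem service plus SYSTEM-owned processes running in a user's logon session. The install-path hint is a placeholder assumption (the advisory does not name the service or its path), and the function names are hypothetical.

```powershell
# Added example: audit a host for the condition the advisory describes.
# Run from an elevated session; GetOwner is denied for other accounts' processes otherwise.

# Assumption: a substring of the ERM install path. The advisory does not give it.
$ErmPathHint = '<ERM-INSTALL-PATH-PLACEHOLDER>'

function Test-PathHint {
    param([string]$Path, [string]$Hint)
    # Case-insensitive substring match, so wildcard characters in a path stay literal.
    return ($Path -and $Path.IndexOf($Hint, [System.StringComparison]::OrdinalIgnoreCase) -ge 0)
}

function Get-ErmLocalSystemService {
    param([string]$Hint = $ErmPathHint)
    # Services whose binary lives under the hinted path and that log on as LocalSystem.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartName -eq 'LocalSystem' -and (Test-PathHint $_.PathName $Hint) } |
        Select-Object Name, DisplayName, State, StartMode, StartName, PathName
}

function Get-ErmSystemProcessInUserSession {
    param([string]$Hint = $ErmPathHint)
    Get-CimInstance -ClassName Win32_Process |
        # Session 0 hosts services; a non-zero SessionId is a user logon session.
        Where-Object { $_.SessionId -ne 0 -and (Test-PathHint $_.ExecutablePath $Hint) } |
        ForEach-Object {
            $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
            if ($owner.ReturnValue -eq 0 -and $owner.User -eq 'SYSTEM') {
                [pscustomobject]@{
                    ProcessId       = $_.ProcessId
                    ParentProcessId = $_.ParentProcessId
                    SessionId       = $_.SessionId
                    Owner           = "$($owner.Domain)\$($owner.User)"
                    Path            = $_.ExecutablePath
                }
            }
        }
}

$services  = @(Get-ErmLocalSystemService)
$processes = @(Get-ErmSystemProcessInUserSession)
$services  | Format-List
$processes | Format-Table -AutoSize
if ($processes.Count -gt 0) {
    Write-Warning "SYSTEM-owned process(es) from the hinted path are running in a user session."
}
```

A non-empty process list means the application's UI is running as SYSTEM on that desktop, so the host belongs on the restricted-logon list from mitigations 1 and 2 until a fixed version is installed.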
Affected Countries
United States, China, Japan, South Korea, Germany, United Kingdom, France, Canada, Australia, India, Brazil, Russia, United Arab Emirates, Singapore, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: GV
- Date Reserved: 2026-03-23T00:46:43.918Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69c097cbf4197a8e3bd66623
Added to database: 3/23/2026, 1:30:51 AM
Last enriched: 3/23/2026, 1:45:55 AM
Last updated: 3/23/2026, 3:47:47 AM