CVE-2026-57271
HighCVSS 8.3Exploitation Probability (EPSS)
Low risk14th percentile — higher than 14% of all known CVEs
Summary
The GeoWebPlayer addon (also known as Web Plugin or WS Player) for GeoVision software (GV-VMS, GV-Cloud) contains an out-of-bounds read vulnerability in the handling of the 'pause' command. This could lead to unexpected behavior or potential security compromise.
Risk Assessment
The risk for the organization includes the possibility of remotely disrupting GeoVision-based video surveillance systems, potentially resulting in loss of access to live feeds or recordings.
Recommendation
It is recommended to immediately update the GeoWebPlayer addon to the latest version available from the vendor and restrict access to the websocket server to trusted networks only.
Original NVD description (English source)
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. #### pause command index-out-of-bound

