CVE Catalog

CVE-2026-57271

HighCVSS 8.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

14th percentile — higher than 14% of all known CVEs

Summary

The GeoWebPlayer addon (also known as Web Plugin or WS Player) for GeoVision software (GV-VMS, GV-Cloud) contains an out-of-bounds read vulnerability in the handling of the 'pause' command. This could lead to unexpected behavior or potential security compromise.

Risk Assessment

The risk for the organization includes the possibility of remotely disrupting GeoVision-based video surveillance systems, potentially resulting in loss of access to live feeds or recordings.

Recommendation

It is recommended to immediately update the GeoWebPlayer addon to the latest version available from the vendor and restrict access to the websocket server to trusted networks only.

Original NVD description (English source)

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. #### pause command index-out-of-bound

Vulnerability data from NVD (NIST) · CISA KEV · EPSS