Gallagher Command Centre Server
15 CVEs affecting Gallagher Command Centre Server. Latest disclosed: 2026-05-25. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-47699 | Critical | 9.9 | 2025-10-23 | Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator… |
| CVE-2024-21815 | Critical | 9.1 | 2024-03-05 | Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged… |
| CVE-2024-41724 | High | 8.7 | 2025-03-10 | Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affe… |
| CVE-2024-42407 | High | 8.5 | 2024-12-12 | Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to v… |
| CVE-2026-25193 | High | 8.1 | 2026-05-25 | Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. Mitig… |
| CVE-2024-43690 | High | 8.0 | 2024-09-11 | Inclusion of Functionality from Untrusted Control Sphere (CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Ex… |
| CVE-2024-21838 | Medium | 6.8 | 2024-03-05 | Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injec… |
| CVE-2025-48428 | Medium | 6.7 | 2025-10-23 | Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Se… |
| CVE-2025-46406 | Medium | 5.6 | 2025-07-10 | A Privilege Context Switching Error (CWE-270) in the Command Centre Server could allow a privileged Operator with high level access in one Division to perform… |
| CVE-2025-48430 | Medium | 5.5 | 2025-10-23 | Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue… |
| CVE-2025-41402 | Medium | 5.5 | 2025-10-23 | Client-Side Enforcement of Server-Side Security (CWE-602) in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing… |
| CVE-2025-35981 | Medium | 5.5 | 2025-10-23 | Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal… |
| CVE-2023-23584 | Medium | 4.3 | 2023-12-18 | An observable response discrepancy in the Gallagher Command Centre REST API allows an insufficiently-privileged user to infer the presence of items that would… |
| CVE-2023-23576 | Medium | 4.3 | 2023-12-18 | Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a networ… |
| CVE-2026-20757 | Low | 2.5 | 2026-03-03 | Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centr… |