CVE-2026-1241

The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges.

CVSS

No CVSS.

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-02

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Las cámaras Pelco, Inc. Sarix Professional 3 Series son vulnerables a un problema de omisión de autenticación en su interfaz de gestión web. El fallo se deriva de una aplicación inadecuada de los controles de acceso, permitiendo que cierta funcionalidad sea accedida sin la autenticación adecuada. Esta debilidad puede conducir a la visualización no autorizada de transmisiones de video en vivo, creando preocupaciones de privacidad y riesgos operativos para las organizaciones que dependen de estas cámaras. Además, puede exponer a los operadores a desafíos regulatorios y de cumplimiento.

26 Feb 2026, 20:31

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-26 20:31

Updated : 2026-04-15 00:35

NVD link : CVE-2026-1241

Mitre link : CVE-2026-1241

CVE.ORG link : CVE-2026-1241

JSON object : View

Products Affected

No product.

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

{"id": "CVE-2026-1241", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-26T20:31:33.657", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-02", "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges."}, {"lang": "es", "value": "Las c\u00e1maras Pelco, Inc. Sarix Professional 3 Series son vulnerables a un problema de omisi\u00f3n de autenticaci\u00f3n en su interfaz de gesti\u00f3n web. El fallo se deriva de una aplicaci\u00f3n inadecuada de los controles de acceso, permitiendo que cierta funcionalidad sea accedida sin la autenticaci\u00f3n adecuada. Esta debilidad puede conducir a la visualizaci\u00f3n no autorizada de transmisiones de video en vivo, creando preocupaciones de privacidad y riesgos operativos para las organizaciones que dependen de estas c\u00e1maras. Adem\u00e1s, puede exponer a los operadores a desaf\u00edos regulatorios y de cumplimiento."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "ics-cert@hq.dhs.gov"}