PT-2026-36737 · Unknown · Gv-Vms V20

Kelly Patterson +2 · Published 2026-05-04 · Updated 2026-05-04 · CVE-2026-42369

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: GV-VMS V20

Description: The WebCam Server feature in GV-VMS allows remote access to management and monitoring via a web interface. The gvapi endpoint uses a custom authentication mechanism that supports Basic and Digest modes. A stack overflow occurs when the b64decoder string is copied to the Buffer stack variable without bounds checking: if the decoded string exceeds 256 characters, it overflows the buffer. Because the web server is compiled without Address Space Layout Randomization (ASLR), a security technique that randomly arranges the address space positions of key data areas to prevent memory corruption attacks, an attacker can control the data to achieve full code execution with SYSTEM privileges.

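Added example (not part of the original advisory and not GeoVision code): a bounded base64 decode in C that enforces the destination size before each write, which is the check the description says is missing. The names decode_credentials, b64_value and CRED_BUF_SIZE are hypothetical; only the 256-byte figure comes from the description, and the input in main is constructed.

```c
#include <stdio.h>
#include <string.h>

#define CRED_BUF_SIZE 256  /* assumed size of the stack buffer in the description */

/* Map one base64 character to its 6-bit value, or -1 if outside the alphabet. */
static int b64_value(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode base64 into out, writing at most out_size - 1 bytes plus a NUL.
 * Returns the decoded length, or -1 if the input is malformed or too long
 * (out is then unspecified). The unsafe order is: decode, then strcpy(). */
long decode_credentials(const char *b64, char *out, size_t out_size) {
    size_t in_len = strlen(b64), n = 0, i;
    unsigned int acc = 0;
    int bits = 0;
    if (out_size == 0 || in_len % 4 != 0) return -1;
    for (i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)b64[i];
        if (c == '=') {  /* padding is valid only as the last one or two chars */
            if (i + 2 < in_len || (i + 2 == in_len && b64[i + 1] != '=')) return -1;
            break;
        }
        int v = b64_value(c);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n + 1 >= out_size) return -1;  /* bounds check before the write */
            out[n++] = (char)((acc >> bits) & 0xFF);
        }
    }
    out[n] = '\0';
    return (long)n;
}

int main(void) {
    char buf[CRED_BUF_SIZE];
    long n = decode_credentials("dXNlcjpwYXNz", buf, sizeof buf); /* constructed sample */
    printf("%ld %s\n", n, n < 0 ? "(rejected)" : buf);
    return 0;
}
```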
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Weakness Enumeration

Related Identifiers: CVE-2026-42369

Affected Products: Gv-Vms V20