PT-2026-58002 · Milestone Systems · Xprotect Management Server

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-3014

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Milestone has released a new version of XProtect® (and several cumulative patch updates) which fix security vulnerability in Management Server API. 
The vulnerability causes users with edit permissions to the Management Server to be able to execute arbitrary code in context of the Management Server Service.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-3014

Affected Products

Xprotect Management Server