CVE-2026-12488 - Vulnerability Details - OpenCVE

A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Geovision Inc.	Geovision

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2411
https://www.geovision.com.tw/cyber_security.php

History

Wed, 24 Jun 2026 05:00:00 +0000

Type	Values Removed	Values Added
Description		A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.
Title		GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability
First Time appeared		Geovision Inc. Geovision Inc. geovision
Weaknesses		CWE-121
CPEs		cpe:2.3:a:geovision_inc.:geovision:v20.0.2::windows::::: cpe:2.3:a:geovision_inc.:geovision:v20.1.0.0::windows:::::
Vendors & Products		Geovision Inc. Geovision Inc. geovision
References		https://talosintelligence.com/vulnerability_reports/TALOS-2026-2411 https://www.geovision.com.tw/cyber_security.php
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: GV

Published: 2026-06-24T03:34:20.794Z

Updated: 2026-06-24T05:23:56.794Z

Reserved: 2026-06-17T03:39:27.939Z

Link: CVE-2026-12488

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T09:15:06Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12488", "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9", "state": "PUBLISHED", "assignerShortName": "GV", "dateReserved": "2026-06-17T03:39:27.939Z", "datePublished": "2026-06-24T03:34:20.794Z", "dateUpdated": "2026-06-24T05:23:56.794Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "0df08a0e-a200-4957-9bb0-084f562506f9", "shortName": "GV", "dateUpdated": "2026-06-24T03:34:20.794Z"}, "title": "GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "CWE-121 Stack-based buffer overflow", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "GeoVision Inc.", "product": "GeoVision", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "V20.0.2"}, {"status": "unaffected", "version": "V20.1.0.0"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:geovision_inc.:geovision:v20.0.2:*:windows:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:geovision_inc.:geovision:v20.1.0.0:*:windows:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en", "value": "A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2.\u00a0\n\n\nA specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. <div><br></div><div>A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.</div>"}]}], "references": [{"url": "https://www.geovision.com.tw/cyber_security.php", "tags": ["vendor-advisory"]}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2411", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:H"}}], "solutions": [{"lang": "en", "value": "GeoVision GV-VMS version V20.1.0 has patched the reported vulnerability.\u00a0\n\n\nUser is recommended to download the update from GeoVision's offical website\u00a0(https://www.geovision.com.tw/download/product/GV-VMS%20V20)\n\nor contact GeoVision Support team at support@geovision.com.tw", "supportingMedia": [{"type": "text/html", "base64": false, "value": "GeoVision GV-VMS version V20.1.0 has patched the reported vulnerability. <div><br></div><div>User is recommended to download the update from GeoVision's offical website (https://www.geovision.com.tw/download/product/GV-VMS%20V20)</div><div>or contact GeoVision Support team at support@geovision.com.tw </div>"}]}], "timeline": [{"time": "2026-04-21T03:49:00.000Z", "lang": "en", "value": "Initial Vendor Contact"}], "credits": [{"lang": "en", "value": "Philippe Laulheret of Cisco Talos.", "type": "finder"}, {"lang": "en", "value": "Kelly Patterson of Cisco Talos.", "type": "remediation reviewer"}, {"lang": "en", "value": "Robert Sherwin of Cisco Talos.", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2411"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-24T05:23:56.794Z"}}]}}