CVE-2026-20757 - Vulnerability Details - OpenCVE

Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976(MR1), 9.30 prior to vEL9.30.3382 (MR4), 9.20 prior to vEL9.20.3783 (MR6), 9.10 prior to vEL9.10.4647 (MR9), all versions of 9.00 and prior.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-20757

History

Tue, 03 Mar 2026 03:15:00 +0000

Type	Values Removed	Values Added
Description		Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior to vEL9.40.1976(MR1), 9.30 prior to vEL9.30.3382 (MR4), 9.20 prior to vEL9.20.3783 (MR6), 9.10 prior to vEL9.10.4647 (MR9), all versions of 9.00 and prior.
Weaknesses		CWE-667
References		https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-20757
Metrics		cvssV3_1 `{'score': 2.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: Gallagher

Published: 2026-03-03T02:40:45.702Z

Updated: 2026-03-03T02:40:45.702Z

Reserved: 2026-03-01T23:45:09.766Z

Link: CVE-2026-20757

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-03T03:15:54.377

Modified: 2026-03-03T03:15:54.377

Link: CVE-2026-20757

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20757", "assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "state": "PUBLISHED", "assignerShortName": "Gallagher", "dateReserved": "2026-03-01T23:45:09.766Z", "datePublished": "2026-03-03T02:40:45.702Z", "dateUpdated": "2026-03-03T02:40:45.702Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Command Centre Server", "vendor": "Gallagher", "versions": [{"lessThanOrEqual": "9.00", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThan": "9.40.1976(MR1)", "status": "affected", "version": "9.40", "versionType": "custom"}, {"lessThan": "9.30.3382 (MR4)", "status": "affected", "version": "9.30", "versionType": "custom"}, {"lessThan": "9.20.3783 (MR6)", "status": "affected", "version": "9.20", "versionType": "custom"}, {"lessThan": "9.10.4647 (MR9)", "status": "affected", "version": "9.10", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Improper Locking</span><span style=\"background-color: rgb(255, 255, 255);\"> vulnerability (CWE-667) in</span><strong> </strong>Gallagher Morpho integration <span style=\"background-color: rgb(255, 255, 255);\">allows a privileged operator </span><span style=\"background-color: rgb(255, 255, 255);\">to cause a limited denial-of-service in the Command Centre Server</span><span style=\"background-color: rgb(255, 255, 255);\">.</span>\n\n\n\n<p>This issue affects Command Centre Server: \n\n<span style=\"background-color: rgb(255, 255, 255);\">9.40 prior to vEL9.40.1976(MR1), 9.30 prior to vEL9.30.3382 (MR4), 9.20 prior to vEL9.20.3783 (MR6), 9.10 prior to vEL9.10.4647 (MR9), all versions of 9.00 and prior.</span>\n\n</p>"}], "value": "Improper Locking\u00a0vulnerability (CWE-667) in\u00a0Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server.\n\n\n\nThis issue affects Command Centre Server: \n\n9.40 prior to vEL9.40.1976(MR1), 9.30 prior to vEL9.30.3382 (MR4), 9.20 prior to vEL9.20.3783 (MR6), 9.10 prior to vEL9.10.4647 (MR9), all versions of 9.00 and prior."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-667", "description": "CWE-667 Improper Locking", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc", "shortName": "Gallagher", "dateUpdated": "2026-03-03T02:40:45.702Z"}, "references": [{"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2026-20757"}], "source": {"discovery": "INTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}}}