CVE-2026-42368
Published: 04 May 2026
Description
A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability.
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2026-42368 by requiring timely patching of the privilege escalation flaw in the GeoVision LPC2011/LPC2211 web interface as per vendor advisories.
Validates specially crafted HTTP requests to the web interface, preventing execution of privileged operations.
Enforces access control policies to block unauthorized privileged operations triggered by low-privilege users via the vulnerable web interface.
Security SummaryAI
CVE-2026-42368 is a privilege escalation vulnerability (CWE-266) in the Web Interface functionality of GeoVision LPC2011/LPC2211 version 1.10. A specially crafted HTTP request can lead to the execution of privileged operations, with the attacker able to trigger the issue simply by visiting a webpage.
The vulnerability has a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), indicating it is exploitable over the network with low attack complexity by an attacker possessing low privileges, requiring no user interaction and resulting in a scope change. Successful exploitation enables the attacker to gain elevated privileges, achieving high impacts on confidentiality, integrity, and availability.
Mitigation details are available in advisories from Talos Intelligence (https://talosintelligence.com/vulnerability_reports/) and GeoVision (https://www.geovision.com.tw/cyber_security.php).
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Directly matches Exploitation for Privilege Escalation (T1068) via crafted HTTP request in web interface leading to unauthorized privileged operations (CWE-266).