CVE-2026-7841

HIGH NVD

CVSS Score 8.8

Severity HIGH

Published May 06, 2026

Vendor unknown

Description

A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the frontend restrictions.

References

https://www.geovision.com.tw/cyber_security.php