Genetec Security Center Credential Exposure (CVE-2026-40619): Local Attacker Can Access Server Admin Credentials

A high-severity vulnerability in Genetec Security Center, tracked as CVE-2026-40619, allows an attacker with local operating system privileges on the main server to access Server Admin credentials. The vulnerability was discovered by a third party hired by Genetec. There is currently no evidence of active exploitation.

What Is the Vulnerability?

CVE-2026-40619 is a credential exposure vulnerability in Genetec Security Center — an enterprise-grade video management and access control platform deployed in physical security environments including corporate campuses, airports, government facilities, and critical infrastructure sites. The vulnerability allows an attacker who has already gained local operating system access to the Security Center main server to extract Server Admin credentials from the installation.

The practical impact is an escalation chain: an attacker with local OS access — through a compromised user account, a misconfigured service, or another vulnerability — can pivot from OS-level access to full administrative control of the Security Center platform. With Server Admin credentials, the attacker can modify camera configurations, disable recording, alter access control policies, manage user accounts, and view or exfiltrate archived surveillance footage. In physical security contexts, this level of compromise can have direct safety and operational implications beyond typical data breach concerns.

The vulnerability was discovered through a third-party security assessment commissioned by Genetec, indicating the vendor is proactively testing and hardening the platform.

  • CVSS v3.1 Score: 7.8 (High). This is an estimate by this report from the local attack vector and high impact, not a published vendor or NVD score; it corresponds to the vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H if attack complexity is low, no user interaction is needed and scope is unchanged
  • Attack Vector: Local (AV:L)
  • Privileges Required: Low (PR:L)
  • Impact: High on confidentiality, integrity, and availability

Which Versions Are Affected?

The vulnerability affects Genetec Security Center main server installations. Specific affected version ranges were not detailed in the initial NVD entry. Administrators should consult the Genetec security advisory and update to the latest patched version.

Is It Being Exploited in the Wild?

No active exploitation has been reported. Genetec states there is “currently no evidence of active exploitation.” The vulnerability was discovered through a commissioned third-party security assessment rather than through incident response, suggesting it was identified and addressed proactively.

What Is the Fix?

Genetec has released a fix addressing CVE-2026-40619. Security Center administrators should:

  • Consult the Genetec security advisory and update portal for the specific fixed version
  • Apply the update to all Security Center main server installations
  • Rotate Server Admin credentials after applying the update. Even if no exploitation is suspected, the credentials were reachable by any account or process with local access to the server while it was unpatched, so treat them as potentially exposed

Recommendations

Apply the Genetec Security Center update. Exploitation requires local OS access, but the credential it exposes (Server Admin) grants full control of the platform. In physical security environments, the blast radius of a compromised Security Center extends beyond data to physical access control and surveillance capabilities.

Harden local access to Security Center servers. Exploiting this vulnerability requires local OS access, so reducing who can obtain that access reduces the risk directly. Apply least privilege to the main server: restrict local and RDP logon to authorised administrators only (on Windows, the "Allow log on locally" and "Allow log on through Remote Desktop Services" user rights assignments control this), enforce multi-factor authentication for administrative access, and monitor local logon events for accounts or source hosts that are not expected. Treat the Security Center main server as a tier-0 asset in your security architecture.

Rotate Server Admin credentials after patching. Even if no exploitation is detected, the vulnerability means that any user or process with local access to the server during the vulnerable period could have extracted the credentials. Rotate the Server Admin password and any associated service account credentials immediately after applying the update.

Review the Security Center audit trail. Look for administrative actions that do not correlate with known administrator activity, particularly configuration changes to cameras, access control points, or user accounts. The platform maintains detailed audit logs that can help identify unauthorised administrative access during the period the server was unpatched.

References


This advisory is covered in the broader Vulnerability Intelligence Report — June 3, 2026. For a comprehensive view of all active threats and newly disclosed vulnerabilities, refer to the full report.
