Description
Uncaught Exception (CWE-248) in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected:





* 9.50 prior to vCR9.50.260616a (distributed in 9.50.1587(MR1))
* 9.40 prior to vCR9.40.260616a (distributed in 9.40.3130(MR3))
* 9.30 prior to vCR9.30.260616a (distributed in 9.30.3983(MR5))
* 9.20 prior to vCR9.20.260616a (distributed in 9.20.4349(MR7))
* all versions of 9.10 and prior.
Published: 2026-07-07
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 15 Jul 2026 15:00:00 +0000

Type Values Removed Values Added
Title Authenticated Operator Triggered Restart Denial of Service in Gallagher T‑20 Reader

Mon, 13 Jul 2026 22:00:00 +0000

Type Values Removed Values Added
Title Authenticated Operator Can Cause Device Restart, Resulting in Temporary Denial of Service

Sun, 12 Jul 2026 16:00:00 +0000

Type Values Removed Values Added
Title Authenticated Operator Can Cause Device Restart, Resulting in Temporary Denial of Service

Sat, 11 Jul 2026 21:00:00 +0000

Type Values Removed Values Added
Title Temporary Denial of Service via Unhandled Exception on Gallagher T-20 Readers

Fri, 10 Jul 2026 22:45:00 +0000

Type Values Removed Values Added
Title Temporary Denial of Service via Unhandled Exception on Gallagher T-20 Readers

Fri, 10 Jul 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Gallagher
Gallagher t-20 Readers
Vendors & Products Gallagher
Gallagher t-20 Readers

Fri, 10 Jul 2026 06:45:00 +0000

Type Values Removed Values Added
Title Authenticated Operator-Induced Restart Denial of Service in Gallagher T‑20 Readers

Thu, 09 Jul 2026 11:45:00 +0000

Type Values Removed Values Added
Title Authenticated Operator-Induced Restart Denial of Service in Gallagher T‑20 Readers

Wed, 08 Jul 2026 09:45:00 +0000

Type Values Removed Values Added
Title Authenticated Operator Can Trigger Denial of Service by Restarting Gallagher T‑20 Readers

Tue, 07 Jul 2026 17:15:00 +0000

Type Values Removed Values Added
Title Authenticated Operator Can Trigger Denial of Service by Restarting Gallagher T‑20 Readers

Tue, 07 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 07 Jul 2026 05:00:00 +0000

Type Values Removed Values Added
Description Uncaught Exception (CWE-248) in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: * 9.50 prior to vCR9.50.260616a (distributed in 9.50.1587(MR1)) * 9.40 prior to vCR9.40.260616a (distributed in 9.40.3130(MR3)) * 9.30 prior to vCR9.30.260616a (distributed in 9.30.3983(MR5)) * 9.20 prior to vCR9.20.260616a (distributed in 9.20.4349(MR7)) * all versions of 9.10 and prior.
Weaknesses CWE-248
References
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L'}


Subscriptions

Gallagher T-20 Readers
cve-icon MITRE

Status: PUBLISHED

Assigner: Gallagher

Published:

Updated: 2026-07-07T13:37:26.913Z

Reserved: 2026-03-01T23:45:09.724Z

Link: CVE-2026-27790

cve-icon Vulnrichment

Updated: 2026-07-07T13:37:22.318Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-15T14:45:03Z

Weaknesses