CVE-2026-1241

Authentication Bypass Using an Alternate Path or Channel in Pelco, Inc. Sarix Pro 3 Series IP Cameras

CVSS 8.7 HIGHEPSS 0.3%CWE-288

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

26 fev 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Pelco, Inc. · Sarix Professional IBP 3 Series Pelco, Inc. · Sarix Professional IMP 3 Series Pelco, Inc. · Sarix Professional IWP 3 Series Pelco, Inc. · Sarix Professional IXP 3 Series

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-02