External risk intelligence

GV Edge Recording Manager could allow an internal attacker to gain full control of the operating system.

CVE advisorySeverity: CRITICAL (CVSS 10.0)

CVE-2026-4606

An internal attacker could gain full operating system control via GV Edge Recording Manager, risking sensitive data and critical operations.

1Halo Surface Signal

Privilege Escalation

External exposure likelihood

Halo Surface Signal score for CVE-2026-4606

The vulnerability requires pre-existing local access to a machine running the software. It is a local privilege escalation issue involving file dialog interactions within the application's process context, and it lacks any mechanism for remote or network-based exploitation.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:I/V:C/RE:M/U:Green

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability allows any local user to gain complete control of the operating system by exploiting how the GeoVision Edge Recording Manager (ERM) runs application components with SYSTEM-level privileges. When certain ERM functions are used, like importing data, they open dialogs that run with these high privileges, enabling modification or deletion of critical system files. This could lead to a full system compromise.

  • Local users can take over the system.
  • Any function using file dialogs is affected.

Attack Path

How an attacker could exploit the issue

This vulnerability allows any local user with access to a system running GV Edge Recording Manager (ERM) v2.3.1 to escalate their privileges to SYSTEM. By triggering ERM functions that open file dialogs, an attacker can exploit the elevated SYSTEM privileges of these dialogs to modify or delete critical operating system files, leading to full system compromise.

  • Requires local access.
  • Exploits file dialogs.
  • Leads to SYSTEM compromise.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability allows for local privilege escalation, granting a local user SYSTEM-level control by exploiting how the application handles file dialogs. While not remotely exploitable, it could be chained with other vulnerabilities to achieve full system compromise. The current threat picture is somewhat uncertain as the vulnerability requires initial local access, making it less appealing than direct remote code execution exploits, but still valuable for attackers already on a system.

  • Requires existing local access.
  • No known public exploits.
  • Exploitation requires user interaction.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Teams should prioritize mitigating local privilege escalation risks in the GV Edge Recording Manager (ERM) by addressing the SYSTEM-level privileges granted to application components. Focus on immediate containment or patching to prevent unauthorized system control and potential compromise through the vulnerable import data function.

  • Isolate affected systems or disable the ERM service.
  • Apply vendor patches when available.
  • Monitor for unusual file access patterns.

Frequently asked questions

What is GV Edge Recording Manager (ERM) and its vulnerability?

GV Edge Recording Manager (ERM) is software for managing video recordings from GeoVision devices. Version 2.3.1 contains a vulnerability that allows local users to gain excessive control by running application components with SYSTEM-level privileges. This means a local user can obtain full control of the operating system.

What is CVE-2026-4606 and its weakness class?

CVE-2026-4606 is a critical elevation of privilege vulnerability. It is classified under CWE-250, which relates to the execution of code with elevated privileges. This flaw enables a user with limited access to gain higher, SYSTEM-level permissions.

How can CVE-2026-4606 be triggered?

The vulnerability can be triggered by any local user. When ERM functions, such as 'Import Data,' open a Windows file dialog, these dialogs operate with SYSTEM permissions. This allows for the modification or deletion of protected system files and directories, leading to a potential full system compromise.

What is the relevance of CVE-2026-4606?

The relevance of this CVE is moderate. While it allows for local privilege escalation to SYSTEM level, it requires pre-existing local access to the affected machine. It is not considered a high-priority threat for widespread exploitation because it lacks remote attack capabilities, but it remains a significant risk for attackers already present on a network. Halo Surface Signal assesses the likelihood as 'Very unlikely' due to the local access requirement.

What steps can be taken to respond to this vulnerability?

To address this vulnerability, teams should prioritize mitigating local privilege escalation risks. Recommended actions include isolating affected systems or disabling the ERM service, and applying vendor patches as soon as they become available. Monitoring for unusual file access patterns on systems running ERM is also advised.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified