Remote Code Execution Vulnerability in Milestone XProtect Management Server
CVE-2026-3014

6.4MEDIUM

Key Information:

Vendor
CVE Published:
14 July 2026

What is CVE-2026-3014?

A security vulnerability exists in the Milestone XProtect Management Server API that allows users with edit permissions to execute arbitrary code within the context of the Management Server Service. This flaw can potentially lead to unauthorized access and control, posing a significant risk to the integrity and security of the system. Milestone has addressed this issue in the latest version release and several cumulative patch updates, ensuring that users can safeguard their systems from exploitation.

Affected Version(s)

XProtect Management Server 0 <= 25.3

References

CVSS V4

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.