Remote Code Execution Vulnerability in Milestone XProtect Management Server
CVE-2026-3014
6.4MEDIUM
What is CVE-2026-3014?
A security vulnerability exists in the Milestone XProtect Management Server API that allows users with edit permissions to execute arbitrary code within the context of the Management Server Service. This flaw can potentially lead to unauthorized access and control, posing a significant risk to the integrity and security of the system. Milestone has addressed this issue in the latest version release and several cumulative patch updates, ensuring that users can safeguard their systems from exploitation.
Affected Version(s)
XProtect Management Server 0 <= 25.3
