Arbitrary File Upload Vulnerability in H.View IP Cameras
CVE-2026-56414
8.6 HIGH
What is CVE-2026-56414?
A design flaw in H.View IP cameras allows authenticated users to upload arbitrary files through certificate-related interfaces. The interfaces do not validate the file type, so unvalidated files are stored at specific filesystem locations that are typically reserved for trusted certificate material. As a result, unexpected or malformed data can be placed in these locations, potentially affecting the system's integrity or behavior in unforeseen ways, even after the device has been rebooted.
Affected Version(s)
HV-500S6 IP Camera IPCAM_V4.06.88.251229
References
CVSS V4
Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Fukuhara Rikuto of Smooth Inc. (CTO) and Hosei University reported this vulnerability to CISA.
