Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for XProtect Management Server by Milestone Systems
CVE-2026-3014 (GCVE-0-2026-3014)
Vulnerability from nvd – Published: 2026-07-14 09:45 – Updated: 2026-07-16 12:40
VLAI
EPSS
VEX
Title
Remote Code Execution by administrative user on the Management Server
Summary
Milestone
has released a new version of XProtect® (and several cumulative patch updates)
which fix security vulnerability in Management Server API.
The vulnerability
causes users with edit permissions to the Management Server to be able to
execute arbitrary code in context of the Management Server Service.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.milestonesys.com/article/CVE-2026… | permissions-required |
| https://doc.milestonesys.com/en-US/bundle/sec1504… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Milestone Systems | XProtect Management Server |
Affected:
0 , ≤ 25.3
(custom)
|
Date Public
2026-07-14 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T12:08:38.312691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:08:51.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XProtect Management Server",
"vendor": "Milestone Systems",
"versions": [
{
"lessThanOrEqual": "25.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Icare"
},
{
"lang": "en",
"type": "finder",
"value": "Zyp3"
}
],
"datePublic": "2026-07-14T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMilestone\nhas released a new version of XProtect\u00ae (and several cumulative patch updates)\nwhich fix security vulnerability in Management Server API.\u003c/p\u003e\u003cp\u003eThe vulnerability\ncauses users with edit permissions to the Management Server to be able to\nexecute arbitrary code in context of the Management Server Service.\u0026nbsp;\u0026nbsp;\u003c/p\u003e"
}
],
"value": "Milestone\nhas released a new version of XProtect\u00ae (and several cumulative patch updates)\nwhich fix security vulnerability in Management Server API.\n\n\n\nThe vulnerability\ncauses users with edit permissions to the Management Server to be able to\nexecute arbitrary code in context of the Management Server Service."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:40:32.623Z",
"orgId": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"shortName": "Milestone"
},
"references": [
{
"tags": [
"permissions-required"
],
"url": "https://support.milestonesys.com/article/CVE-2026-3014-potential-remote-code-execution-by-admin-user-on-Management-Server"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://doc.milestonesys.com/en-US/bundle/sec1504_latest/page/milestone_security_advisory_CVE-2026-3014_potential_remote_code_execution_by_admin_user_on_Management_Server.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo\nmitigate the issue, we highly recommend upgrading to the latest version of\nXProtect VMS. For versions 2023 R3 \u2013 2025 R3, please use the\nprovided cumulative patches.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe affected components that need to be patched are\nXProtect Management Server, XProtect Recording Server and XProtect Management\nClient.\u003c/p\u003e"
}
],
"value": "To\nmitigate the issue, we highly recommend upgrading to the latest version of\nXProtect VMS. For versions 2023 R3 \u2013 2025 R3, please use the\nprovided cumulative patches.\u00a0\n\n\n\nThe affected components that need to be patched are\nXProtect Management Server, XProtect Recording Server and XProtect Management\nClient."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution by administrative user on the Management Server",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"assignerShortName": "Milestone",
"cveId": "CVE-2026-3014",
"datePublished": "2026-07-14T09:45:22.651Z",
"dateReserved": "2026-02-23T09:28:18.635Z",
"dateUpdated": "2026-07-16T12:40:32.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3014 (GCVE-0-2026-3014)
Vulnerability from cvelistv5 – Published: 2026-07-14 09:45 – Updated: 2026-07-16 12:40
VLAI
EPSS
VEX
Title
Remote Code Execution by administrative user on the Management Server
Summary
Milestone
has released a new version of XProtect® (and several cumulative patch updates)
which fix security vulnerability in Management Server API.
The vulnerability
causes users with edit permissions to the Management Server to be able to
execute arbitrary code in context of the Management Server Service.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.milestonesys.com/article/CVE-2026… | permissions-required |
| https://doc.milestonesys.com/en-US/bundle/sec1504… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Milestone Systems | XProtect Management Server |
Affected:
0 , ≤ 25.3
(custom)
|
Date Public
2026-07-14 10:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3014",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T12:08:38.312691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:08:51.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XProtect Management Server",
"vendor": "Milestone Systems",
"versions": [
{
"lessThanOrEqual": "25.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Icare"
},
{
"lang": "en",
"type": "finder",
"value": "Zyp3"
}
],
"datePublic": "2026-07-14T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMilestone\nhas released a new version of XProtect\u00ae (and several cumulative patch updates)\nwhich fix security vulnerability in Management Server API.\u003c/p\u003e\u003cp\u003eThe vulnerability\ncauses users with edit permissions to the Management Server to be able to\nexecute arbitrary code in context of the Management Server Service.\u0026nbsp;\u0026nbsp;\u003c/p\u003e"
}
],
"value": "Milestone\nhas released a new version of XProtect\u00ae (and several cumulative patch updates)\nwhich fix security vulnerability in Management Server API.\n\n\n\nThe vulnerability\ncauses users with edit permissions to the Management Server to be able to\nexecute arbitrary code in context of the Management Server Service."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:40:32.623Z",
"orgId": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"shortName": "Milestone"
},
"references": [
{
"tags": [
"permissions-required"
],
"url": "https://support.milestonesys.com/article/CVE-2026-3014-potential-remote-code-execution-by-admin-user-on-Management-Server"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://doc.milestonesys.com/en-US/bundle/sec1504_latest/page/milestone_security_advisory_CVE-2026-3014_potential_remote_code_execution_by_admin_user_on_Management_Server.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo\nmitigate the issue, we highly recommend upgrading to the latest version of\nXProtect VMS. For versions 2023 R3 \u2013 2025 R3, please use the\nprovided cumulative patches.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe affected components that need to be patched are\nXProtect Management Server, XProtect Recording Server and XProtect Management\nClient.\u003c/p\u003e"
}
],
"value": "To\nmitigate the issue, we highly recommend upgrading to the latest version of\nXProtect VMS. For versions 2023 R3 \u2013 2025 R3, please use the\nprovided cumulative patches.\u00a0\n\n\n\nThe affected components that need to be patched are\nXProtect Management Server, XProtect Recording Server and XProtect Management\nClient."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Remote Code Execution by administrative user on the Management Server",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "cf45122d-9d50-442a-9b23-e05cde9943d8",
"assignerShortName": "Milestone",
"cveId": "CVE-2026-3014",
"datePublished": "2026-07-14T09:45:22.651Z",
"dateReserved": "2026-02-23T09:28:18.635Z",
"dateUpdated": "2026-07-16T12:40:32.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}