Description
The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges.
Published: 2026-02-26
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access / Live Stream Viewing
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an authentication bypass in the web management interface of Pelco, Inc. Sarix Professional 3 Series cameras. It results from inadequate enforcement of access controls, allowing unauthorized users to view live video streams. This creates privacy concerns, operational risks, and may expose organizations to regulatory and compliance challenges.

Affected Systems

Pelco, Inc. Sarix Professional 3 Series IP cameras, including the IBP 3 Series, IMP 3 Series, IWP 3 Series, and IXP 3 Series models. Cameras running firmware versions earlier than 02.53 are affected.

Risk and Exploitability

The CVSS score of 8.7 denotes high severity. The EPSS score of <1% indicates a low probability of exploitation at this time, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. The flaw can be leveraged by an attacker who can send requests to the camera's web management interface, bypassing authentication controls and retrieving unencrypted live video streams. The attack likely occurs over HTTP/HTTPS and does not require local access or privileged credentials.

Generated by OpenCVE AI on April 17, 2026 at 14:16 UTC.

Remediation

Vendor Solution

Pelco, Inc. recommends that all Sarix Professional 3 Series Camera users update their camera firmware to version 02.53 or later. Installing the latest firmware ensures your device receives the most up-to-date bug fixes and critical security enhancements. More information can be found by visiting Pelco, Inc's technical support page ( https://www.pelco.com/support ) for assistance.

OpenCVE Recommended Actions

  • Apply the latest firmware update (02.53 or later) to all Sarix Professional 3 Series cameras.
  • If a firmware upgrade is not immediately possible, restrict or disable the web management interface and enforce network segmentation so only trusted devices can reach it.
  • Implement strict access controls on the camera’s management interface, such as firewall rules or VPN tunnels, to limit exposure to authorized personnel only.

Generated by OpenCVE AI on April 17, 2026 at 14:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Pelco
Pelco sarix Professional Ibp 3 Series
Pelco sarix Professional Imp 3 Series
Pelco sarix Professional Iwp 3 Series
Pelco sarix Professional Ixp 3 Series
Vendors & Products Pelco
Pelco sarix Professional Ibp 3 Series
Pelco sarix Professional Imp 3 Series
Pelco sarix Professional Iwp 3 Series
Pelco sarix Professional Ixp 3 Series

Thu, 26 Feb 2026 20:00:00 +0000

Type Values Removed Values Added
Description The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lead to unauthorized viewing of live video streams, creating privacy concerns and operational risks for organizations relying on these cameras. Additionally, it may expose operators to regulatory and compliance challenges.
Title Authentication Bypass Using an Alternate Path or Channel in Pelco, Inc. Sarix Pro 3 Series IP Cameras
Weaknesses CWE-288
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Pelco Sarix Professional Ibp 3 Series Sarix Professional Imp 3 Series Sarix Professional Iwp 3 Series Sarix Professional Ixp 3 Series
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-02-26T20:43:53.216Z

Reserved: 2026-01-20T18:26:34.854Z

Link: CVE-2026-1241

cve-icon Vulnrichment

Updated: 2026-02-26T20:43:17.816Z

cve-icon NVD

Status : Deferred

Published: 2026-02-26T20:31:33.657

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1241

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T14:30:20Z

Weaknesses