Description
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
Published: 2026-05-09
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an access control flaw in Hikvision HikCentral Professional that allows an unauthenticated attacker to obtain administrative privileges. The advisory does not provide additional details on the potential impacts beyond gaining admin permission.

Affected Systems

Hikvision HikCentral Professional—any affected version listed by the vendor. No explicit version range is provided by the CNA, so every deployed instance should be assumed vulnerable until updated.

Risk and Exploitability

The CVSS score of 6.8 indicates a medium severity. EPSS is not available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is remote and unauthenticated, as inferred from the description, which mentions that an unauthenticated user can obtain admin permission. If an attacker can reach the HikCentral service, the flaw can be exploited without prior authentication to elevate privileges to admin.

Generated by OpenCVE AI on May 9, 2026 at 10:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and apply the latest security patch for HikCentral Professional from Hikvision’s advisory page
  • Restrict external network access to the HikCentral system by configuring firewall rules or placing it behind a DMZ so that only trusted internal hosts can reach it
  • Monitor system logs for unauthorized access attempts and verify that administrative permissions are not granted to unexpected users after the patch

Generated by OpenCVE AI on May 9, 2026 at 10:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 09 May 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Hikvision
Hikvision hikcentral Professional
Vendors & Products Hikvision
Hikvision hikcentral Professional

Sat, 09 May 2026 11:15:00 +0000

Type Values Removed Values Added
Title Unauthenticated Access Control Vulnerability Allowing Admin Privilege Escalation in Hikvision HikCentral Professional
Weaknesses CWE-284

Sat, 09 May 2026 09:00:00 +0000

Type Values Removed Values Added
Description There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N'}

Subscriptions

Hikvision Hikcentral Professional
cve-icon MITRE

Status: PUBLISHED

Assigner: hikvision

Published:

Updated: 2026-05-09T08:27:15.849Z

Reserved: 2026-02-02T02:00:26.271Z

Link: CVE-2026-1749

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-09T09:16:08.823

Modified: 2026-05-09T09:16:08.823

Link: CVE-2026-1749

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T11:30:25Z

Weaknesses