Description
Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. 
Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted.

Mitigation: For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\Gallagher\Command Centre.
Published: 2026-05-25
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

During the installation of Gallagher Command Centre Service components, the setup process writes sensitive information, such as service account credentials, to log files. This direct exposure of secrets can lead to credential leakage, compromising account integrity and potentially granting unauthorized access. The weakness is classified as CWE‑532, insertion of sensitive information into logs.

Affected Systems

The affected products include all Gallagher services that rely on the Command Centre Service installer, such as Gallagher:Active Directory Sync, Gallagher:Cardholder Sync Utility, Gallagher:Command Centre Server, Gallagher:Diagnostics Service, Gallagher:Elevator Service, Gallagher:Encoding Kiosk Application, Gallagher:Entra ID Sync, Gallagher:Event Logger, Gallagher:Event Sync Utility, Gallagher:Middleware Framework, Gallagher:Nexudus Integration, Gallagher:Okta Sync, Gallagher:Papercut Interface Integration, and Gallagher:SIP Integration. Version details are not specified; any installation that uses a custom service account rather than the default Network Service account may be exposed.

Risk and Exploitability

The CVSS score of 8.1 indicates a high severity, but the EPSS score is unavailable, making the exact exploitation likelihood difficult to assess. This vulnerability is local in nature; it can be exploited during installation or by anyone who has performed a legitimate installation with a custom service account. Because the exposure concerns credentials that grant administrative or service-level privileges, the impact of successful exploitation could be significant. The issue is not listed in CISA’s KEV catalog, yet the potential for credential compromise warrants immediate action, especially on environments where custom service accounts are employed.

Generated by OpenCVE AI on May 25, 2026 at 07:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Change the password of any custom service account used by Gallagher Command Centre Services.
  • Delete the installer log files stored in %programdata%\Gallagher\Command Centre to remove recorded credentials.
  • Verify that future installations no longer log sensitive data, and consider using the default Network Service account if it meets operational requirements.

Generated by OpenCVE AI on May 25, 2026 at 07:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 25 May 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Gallagher
Gallagher active Directory Sync
Gallagher cardholder Sync Utility
Gallagher command Centre
Gallagher diagnostics Service
Gallagher elevator Service
Gallagher encoding Kiosk Application
Gallagher entra Id Sync
Gallagher event Logger
Gallagher event Sync Utility
Gallagher middleware Framework
Gallagher nexudus Integration
Gallagher okta Sync
Gallagher papercut Interface Integration
Gallagher sip Integration
Vendors & Products Gallagher
Gallagher active Directory Sync
Gallagher cardholder Sync Utility
Gallagher command Centre
Gallagher diagnostics Service
Gallagher elevator Service
Gallagher encoding Kiosk Application
Gallagher entra Id Sync
Gallagher event Logger
Gallagher event Sync Utility
Gallagher middleware Framework
Gallagher nexudus Integration
Gallagher okta Sync
Gallagher papercut Interface Integration
Gallagher sip Integration

Mon, 25 May 2026 07:45:00 +0000

Type Values Removed Values Added
Title Sensitive Information Disclosure via Installer Log Files in Gallagher Command Centre Services

Mon, 25 May 2026 06:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure.  Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted. Mitigation: For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\Gallagher\Command Centre.
Weaknesses CWE-532
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:H'}

Subscriptions

Gallagher Active Directory Sync Cardholder Sync Utility Command Centre Diagnostics Service Elevator Service Encoding Kiosk Application Entra Id Sync Event Logger Event Sync Utility Middleware Framework Nexudus Integration Okta Sync Papercut Interface Integration Sip Integration
cve-icon MITRE

Status: PUBLISHED

Assigner: Gallagher

Published:

Updated: 2026-05-26T14:24:08.348Z

Reserved: 2026-03-01T23:45:09.705Z

Link: CVE-2026-25193

cve-icon Vulnrichment

Updated: 2026-05-26T14:24:05.451Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-25T07:16:14.263

Modified: 2026-05-26T20:24:31.350

Link: CVE-2026-25193

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-25T11:33:02Z

Weaknesses
  • CWE-532

    Insertion of Sensitive Information into Log File