CVE-2026-25193
EUVD-2026-3163625.05.2026, 07:16
Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network Service account) are potentially impacted. Mitigation: For sites concerned about exposure, the recommended action is to change the Service Account password. They can also delete any installer log files, usually found in %programdata%\Gallagher\Command Centre.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| gallagher | command_centre | 𝑥 < 9.10.5 | CNA |
| gallagher | command_centre | 𝑥 < 9.30.104 | CNA |
| gallagher | command_centre | 𝑥 < 2.0.9 | CNA |
| gallagher | command_centre | 𝑥 < 10.0.8 | CNA |
| gallagher | command_centre | 𝑥 < 9.60.10 | CNA |
| gallagher | command_centre | 1.0 ≤ 𝑥 < 1.0.10 | CNA |
| gallagher | command_centre | 2.0 ≤ 𝑥 < 2.0.5 | CNA |
| gallagher | command_centre | 𝑥 < 8.70.62 | CNA |
| gallagher | command_centre | 𝑥 < 8.90.16 | CNA |
| gallagher | command_centre | 𝑥 < 8.90.34 | CNA |
| gallagher | command_centre | 𝑥 < 9.60.21 | CNA |
| gallagher | command_centre | 𝑥 < 9.40.5 | CNA |
| gallagher | command_centre | 𝑥 < 9.60.2 | CNA |
| gallagher | command_centre | 𝑥 < 10.1.0 | CNA |
Common Weakness Enumeration