Vulnerability affecting Security Center systems main server installations

A high-severity vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges on the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of active exploitation.

Risk assessment

This vulnerability (CVE-2026-40619) affects the machine on which the server component of Security Center is installed. Successful exploitation could allow an attacker to discover the Server Admin credentials used at installation time. The CVSS v3.1 base score for this vulnerability is 7.8 (High).

Details

The Server Admin password may be captured in installation logs under specific conditions during installation. Exploitation requires access to the local system and log files. This affects only main server installations, not expansion servers.

The vulnerability is present in Security Center versions 5.7 SR6 through 5.13. It affects only new server deployments. This means if you downloaded a Security Center version prior to SC 5.7 SR6 and upgraded it over time on the same main server, the vulnerability is not present.

Recommendation

We recommend that you take the following actions as soon as possible:

  • Rotate the Server Admin password if it hasn’t been changed since installation
  • Execute the standalone utility tool SecurityUtility_CVE-2026-40619_SAM.exe provided by Genetec on the main server to identify and remove installation logs containing sensitive data

Workarounds

If you cannot apply remediations in a timely fashion, access to the following folder should be restricted to administrator users: ProgramData\Genetec\Installation.

If a custom location was specified during installation using the silent installer, you need to restrict permissions on that folder.
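
One way to apply the folder restriction above on a default installation, shown as an added PowerShell example (not Genetec tooling, and not a substitute for the remediation utility). Keeping SYSTEM alongside Administrators and the helper name Get-UnexpectedAce are assumptions of this example.

```powershell
# Added example, not Genetec tooling. Run in an elevated PowerShell session on the main server.
# Assumption: default log folder; set $Path to the custom folder if one was
# passed to the silent installer.
$Path = Join-Path $env:ProgramData 'Genetec\Installation'

# Well-known SIDs, so the script does not depend on localized group names.
# Assumption: SYSTEM is kept so services running as LocalSystem can still use
# the folder; remove it if your policy requires Administrators only.
$allowed = @('S-1-5-32-544',   # BUILTIN\Administrators
             'S-1-5-18')       # NT AUTHORITY\SYSTEM
$sidType = [System.Security.Principal.SecurityIdentifier]

function Get-UnexpectedAce {
    # Hypothetical helper: returns Allow ACEs on $Item granted to SIDs outside $allowed.
    param([string]$Item)
    (Get-Acl -LiteralPath $Item).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $allowed -notcontains $_.IdentityReference.Value } |
        Select-Object @{n='Path';e={$Item}}, IdentityReference, FileSystemRights, IsInherited
}

if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
    throw "Folder not found: $Path"
}

# 1. Audit: who besides Administrators/SYSTEM can currently reach the logs?
Get-UnexpectedAce -Item $Path | Format-Table -AutoSize

# 2. Restrict: stop inheriting from ProgramData and replace the DACL.
$acl = Get-Acl -LiteralPath $Path
$acl.SetAccessRuleProtection($true, $false)   # protect DACL, discard inherited ACEs
foreach ($rule in @($acl.GetAccessRules($true, $false, $sidType))) {
    [void]$acl.RemoveAccessRule($rule)        # drop existing explicit ACEs
}
foreach ($sid in $allowed) {
    $id = New-Object System.Security.Principal.SecurityIdentifier $sid
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')))
}
Set-Acl -LiteralPath $Path -AclObject $acl

# 3. Verify: the folder and every child should now report nothing. Children that
#    carry their own explicit ACEs are not changed by step 2 and show up here.
@(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force) |
    ForEach-Object { Get-UnexpectedAce -Item $_.FullName } | Format-Table -AutoSize
```

Any rows printed by step 3 are files or subfolders that still grant access to other accounts and need their ACLs corrected individually.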

Affected products

Product                          Affected                                How to patch

Security Center 5.7 SR6 to 5.9   Yes
5.10.0 to 5.10.3                 Yes
5.10.4                           Downloaded before May 21st, 2026: Yes   See KBA-79291 for details
                                 Downloaded after May 21st, 2026: No     Downloaded before May 21st, 2026:
5.11.0 to 5.11.2                 Yes
5.11.3                           Downloaded before May 13th, 2026: Yes   See KBA-79291 for details
                                 Downloaded after May 13th, 2026: No     Downloaded before May 13th, 2026:
5.12.0 to 5.12.1                 Yes
5.12.2                           Downloaded before May 13th, 2026: Yes   See KBA-79291 for details
                                 Downloaded after May 13th, 2026: No     Downloaded before May 13th, 2026:
5.13.0 to 5.13.2                 Yes
5.13.3                           Downloaded before May 14th, 2026: Yes   See KBA-79291 for details
                                 Downloaded after May 14th, 2026: No     Downloaded before May 14th, 2026:
5.14.0                           No

Please refer to KBA-79291 to learn how to determine if a given binary is affected or not, depending on the date and hash number.

For more information or assistance, please log in to the Genetec Portal to open a support case.