Critical severityNVD Advisory· Published Mar 23, 2026· Updated May 19, 2026

CVE-2026-4606

Description

GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.

During installation, ERM creates a Windows service that runs under the LocalSystem account.

When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.

Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.

Any ERM function invoking Windows file open/save dialogs exposes the same risk.

This vulnerability allows local privilege escalation and may result in full system compromise.

Affected products

Geovision/GV Edge Recording Managerllm-create
Range: = 2.3.1
GeoVision/GV-Edge Recording Managerv5
Range: 2.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

https//www.geovision.com.tw/cyber_security.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000