Milesight AIOT Cameras Vulnerable to Out-of-Bounds Memory Access (CVE-2026-20766)
A critical out-of-bounds memory access vulnerability, tracked as CVE-2026-20766, has been identified in specific firmware versions of Milesight AIOT cameras. The National Vulnerability Database (NVD) assigns this flaw a CVSSv3.1 score of 8.8 (HIGH), indicating significant risk.
This vulnerability, categorized under CWE-122, could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial-of-service condition. The attack vector is network-based, and while user interaction is required, it’s a low-complexity attack. The potential impact includes high confidentiality, integrity, and availability compromise.
Milesight AIOT cameras are widely deployed in various environments, from corporate surveillance to critical infrastructure. The high CVSS score reflects the serious implications for any organization relying on these devices. Defenders need to prioritize patching and network segmentation for these critical endpoints.
What This Means For You
- If your organization deploys Milesight AIOT cameras, identify all units immediately. Check firmware versions against vendor advisories for CVE-2026-20766 and apply patches without delay. Isolate these devices on a dedicated network segment until patched, as this vulnerability allows for remote compromise with high impact.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-20766 - Milesight AIOT Camera Out-of-Bounds Memory Access
title: CVE-2026-20766 - Milesight AIOT Camera Out-of-Bounds Memory Access
id: scw-2026-04-28-ai-1
status: experimental
level: critical
description: |
Detects potential exploitation of CVE-2026-20766 by looking for specific URI paths and query parameters commonly associated with the vulnerability in Milesight AIOT cameras. This targets the out-of-bounds memory access vulnerability during system information updates.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-20766/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/cgi-bin/admin/system.cgi'
cs-uri-query|contains:
- 'setSystemInfo'
cs-method:
- 'POST'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-20766 | Memory Corruption | Out-of-bounds memory access |
| CVE-2026-20766 | Affected Product | Milesight AIOT cameras firmware |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 28, 2026 at 04:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7218: Totolink N300RT Buffer Overflow Exploited Remotely
CVE-2026-7218 — A vulnerability was detected in Totolink N300RT 3.4.0-B20250430. The impacted element is the function is_cmd_string_valid of the file /boafrm/formWsc of the component libapmib.so....
CVE-2026-7217 — Deepractice PromptX Path Traversal
CVE-2026-7217 — A security vulnerability has been detected in Deepractice PromptX up to 2.4.0. The affected element is the function read_docx/read_xlsx/read_pptx/list_xlsx_sheets/read_pdf of the file packages/mcp-office/src/index.ts...
CVE-2026-7216: donchelo processing-claude-mcp-bridge Path Traversal
CVE-2026-7216 — A weakness has been identified in donchelo processing-claude-mcp-bridge up to e017b20a4b592a45531a6392f494007f04e661bd. Impacted is an unknown function of the file processing_server.py of the component...