GeoVision GV-ASWeb RCE: High-Severity Flaw Affects Notification Settings

The National Vulnerability Database has identified a critical remote code execution vulnerability (CVE-2026-7841) in GeoVision’s GV-ASWeb software, specifically affecting version 6.2.0. This flaw allows an authenticated attacker with system setting privileges to execute arbitrary commands on the server.

The exploit hinges on sending a specially crafted HTTP POST request to the ASWebCommon.srf backend endpoint. This bypasses front-end security measures, granting the attacker the ability to compromise the server. The National Vulnerability Database assigns this vulnerability a CVSS score of 8.8 (HIGH), highlighting its significant risk.

Defenders should prioritize patching or updating all GeoVision GV-ASWeb installations to a secure version. For organizations unable to patch immediately, enhanced monitoring of network traffic to and from ASWebCommon.srf endpoints is crucial. Reviewing access logs for any unusual activity or unauthorized command execution attempts should also be a priority.
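The access-log review described above can be scripted. The following is an added example, not code from the original advisory or from GeoVision: it applies the same match as the Sigma rule on this page (POST, path ending in ASWebCommon.srf, "Notification" in the query string) and also keeps other POSTs to the endpoint for manual review. The W3C extended log layout, the `/app/` path, the query values and the sample rows are constructed assumptions.

```python
# Triage W3C-format web logs for POSTs to ASWebCommon.srf (CVE-2026-7841).
ENDPOINT = "/aswebcommon.srf"   # endpoint named in the advisory, lowercased
KEYWORD = "notification"        # query indicator used by the page's Sigma rule

# Constructed sample log (not real traffic); the field layout is an assumption.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem cs-uri-query sc-status
2026-05-06 10:01:12 192.0.2.10 admin GET /app/ASWebCommon.srf page=Login 200
2026-05-06 10:02:40 192.0.2.10 admin POST /app/ASWebCommon.srf page=Notification 200
2026-05-06 10:03:05 198.51.100.7 operator POST /app/aswebcommon.SRF - 200
2026-05-06 10:03:09 198.51.100.7 operator POST /app/Other.srf tab=Notification 404
2026-05-06 10:04:00 192.0.2.10 admin POST
"""

def parse_w3c(text):
    """Yield one dict per request line, keyed by the active #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or malformed rows
                yield dict(zip(fields, values))

def classify(rec):
    """Return 'alert', 'review' or None for one parsed record."""
    if rec.get("cs-method", "").upper() != "POST":
        return None
    if not rec.get("cs-uri-stem", "").lower().endswith(ENDPOINT):
        return None
    # Rule match: POST to the endpoint with the keyword in the query string.
    if KEYWORD in rec.get("cs-uri-query", "").lower():
        return "alert"
    # Access logs normally omit request bodies, so any other POST to the
    # endpoint is kept for manual review instead of being dropped.
    return "review"

def triage(text):
    """Return (verdict, time, client IP, user) for every flagged request."""
    out = []
    for rec in parse_w3c(text):
        verdict = classify(rec)
        if verdict:
            out.append((verdict, rec.get("time"), rec.get("c-ip"), rec.get("cs-username")))
    return out

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Matching is case-insensitive, as Sigma string matching is by default, and the logged user name is kept so that hits can be checked against the accounts that hold system setting privileges.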

What This Means For You

  • If your organization uses GeoVision GV-ASWeb, immediately check your version and apply any available patches for CVE-2026-7841. If patching is delayed, scrutinize ASWebCommon.srf traffic for anomalies and confirm that only authorized administrators can access system settings.

🛡️ Detection Rules

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.

critical T1190 Initial Access

CVE-2026-7841 - GeoVision GV-ASWeb Notification Settings RCE

Sigma YAML

title: CVE-2026-7841 - GeoVision GV-ASWeb Notification Settings RCE
id: scw-2026-05-06-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-7841 by targeting the ASWebCommon.srf endpoint with a POST request and a URI query containing 'Notification', indicative of the vulnerability in GeoVision GV-ASWeb's notification settings.
author: SCW Feed Engine (AI-generated)
date: 2026-05-06
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7841/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  # Fields inside one selection are ANDed: all three must match the same request.
  # cs-uri must hold the path without the query string for endswith to match;
  # map it to cs-uri-stem where the log source splits path and query.
  selection:
    cs-uri|endswith:
      - '/ASWebCommon.srf'
    cs-method:
      - 'POST'
    cs-uri-query|contains:
      - 'Notification'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World

Indicators of Compromise

ID | Type | Indicator
CVE-2026-7841 | RCE | GeoVision GV-ASWeb 6.2.0
CVE-2026-7841 | RCE | Notification Settings
CVE-2026-7841 | RCE | ASWebCommon.srf backend endpoint

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 06, 2026 at 11:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
