Full Report
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in WolfSSF, fourteen in GeoVision, and one vulnerability in VTK-DICOM.The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco’s third-party vulnerability disclosure policy. For
Analysis Summary
This summary details a group of vulnerabilities discovered and disclosed by Cisco Talos in July 2026, involving WolfSSL, GeoVision, and VTK-DICOM software.
---
# Vulnerability: Improper Input Validation and Integer Underflow in WolfSSL
## CVE Details
- **CVE ID:** CVE-2026-28739, CVE-2026-25106, CVE-2026-33091
- **CVSS Score:** Not specified in blog (Talos usually rates these High/Critical)
- **CWE:** CWE-20 (Improper Input Validation), CWE-191 (Integer Underflow)
## Affected Systems
- **Products:** WolfSSL
- **Versions:** Specific versions prior to the July 2026 update
- **Configurations:** Systems utilizing WolfSSL for secure data transfer and embedded security
## Vulnerability Description
WolfSSL contains two improper input validation vulnerabilities and one integer underflow vulnerability. These flaws reside in the handling of TLS/SSL data packets. An attacker could send specially crafted data to trigger the underflow or bypass validation checks, potentially leading to memory corruption or unexpected program behavior.
## Exploitation
- **Status:** Not exploited in the wild (PoC developed by Talos)
- **Complexity:** Medium
- **Attack Vector:** Network
## Impact
- **Confidentiality:** Potential Impact
- **Integrity:** Potential Impact
- **Availability:** High (Denial of Service or Remote Code Execution)
## Remediation
### Patches
- Users should update to the latest version of WolfSSL provided by the vendor.
### Workarounds
- None provided; vendor update is recommended.
---
# Vulnerability: Multiple Flaws in GeoVision Security Products
## CVE Details
- **CVE ID:** 37 CVEs (including CVE-2026-12488, CVE-2026-12486, CVE-2026-42370, CVE-2026-7371, etc.)
- **CVSS Score:** Range from Medium to Critical
- **CWE:** CWE-78 (OS Command Injection), CWE-121 (Stack-based Buffer Overflow), CWE-79 (XSS), CWE-287 (Improper Authentication)
## Affected Systems
- **Products:** GeoVision Cameras, Monitoring Solutions, and Access Control systems
- **Versions:** Various legacy and current firmware versions
- **Configurations:** Web management interfaces and networked security devices
## Vulnerability Description
Talos identified 14 separate advisories covering 37 vulnerabilities. These include:
- **OS Command Injection:** Allows attackers to execute arbitrary system commands.
- **Buffer/Stack Overflows:** Memory corruption vulnerabilities that can lead to remote code execution (RCE).
- **Privilege Escalation:** Allows users to gain unauthorized administrative access.
- **Reflected XSS:** Enables hijacking of user sessions via malicious scripts.
- **Insufficient Encryption:** Weakness in protecting sensitive data in transit.
## Exploitation
- **Status:** PoC available in Talos research reports
- **Complexity:** Low to Medium
- **Attack Vector:** Network
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
## Remediation
### Patches
- Apply firmware updates provided by GeoVision for the specific hardware model affected.
### Workarounds
- Isolate GeoVision devices on a separate VLAN.
- Disable web management interfaces if not required for daily operation.
---
# Vulnerability: VTK-DICOM Heap-Based Buffer Overflow
## CVE Details
- **CVE ID:** CVE-2026-22879
- **CVSS Score:** Not specified (Typically High)
- **CWE:** CWE-122 (Heap-based Buffer Overflow)
## Affected Systems
- **Products:** VTK (Visualization Toolkit) - DICOM API
- **Versions:** Versions prior to the July 2026 patches
- **Configurations:** Software utilizing VTK-DICOM to parse medical imaging data
## Vulnerability Description
The VTK-DICOM API contains a heap-based buffer overflow flaw. This occurs during the parsing of Digital Imaging and Communications in Medicine (DICOM) data. If a user is tricked into opening a specially crafted, malicious DICOM file, the flaw can trigger a memory overflow.
## Exploitation
- **Status:** PoC available
- **Complexity:** Medium
- **Attack Vector:** Local (via malicious file processing)
## Impact
- **Confidentiality:** High
- **Integrity:** High
- **Availability:** High
## Remediation
### Patches
- Update to the latest version of VTK-DICOM available on GitHub or via the vendor.
---
## Detection
- **Snort Coverage:** Rules are available via the latest Snort rule sets at hxxps[://]snort[.]org.
- **Indicators of Compromise:** Unusual OS commands executed by web server users (GeoVision), or crashes in medical imaging software when opening specific DICOM files (VTK).
## References
- **Talos Blog:** hxxps[://]blog[.]talosintelligence[.]com/wolfssl-geovision-vtk-vulnerabilities/
- **Vulnerability Advisories:** hxxps[://]talosintelligence[.]com/vulnerability_reports