Cisco Talos Discloses Multiple Vulnerabilities in WolfSSL, GeoVision, and VTK-DICOM
- CVE ID
- CVE-2026-28739, CVE-2026-25106, CVE-2026-33091, CVE-2026-12488, CVE-2026-12486, CVE-2026-12849, CVE-2026-12850, CVE-2026-12851, CVE-2026-12485, CVE-2026-12846, CVE-2026-12847, CVE-2026-12848, CVE-2026-42370, CVE-2026-7372, CVE-2026-42369, CVE-2026-42368, CVE-2026-42367, CVE-2026-7371, CVE-2026-42366, CVE-2026-42364, CVE-2026-42365, CVE-2026-7161, CVE-2026-57273, CVE-2026-57274, CVE-2026-57275, CVE-2026-57276, CVE-2026-57277, CVE-2026-57278, CVE-2026-22879
- CVSS Score
- N/A
- Affected Products
- WolfSSL, GeoVision products, VTK-DICOM
Overview
Cisco Talos’s Vulnerability Discovery & Research team has recently disclosed a multitude of vulnerabilities across several widely used software and hardware components: WolfSSL, GeoVision security technologies, and the VTK-DICOM API. These disclosures, made public on July 9, 2026, collectively detail a range of critical and high-severity issues that could lead to serious security implications, including arbitrary code execution, denial-of-service, privilege escalation, and sensitive data exposure. All affected vendors have been notified in accordance with Cisco’s responsible disclosure policy, and patches have since been released.
Technical Details
The vulnerabilities span different types and products:
WolfSSL Vulnerabilities: Ankur Tyagi of Cisco Talos identified three flaws in WolfSSL, an open-source product providing lightweight and embedded security solutions for secure data transfer. These include two improper input validation vulnerabilities (CVE-2026-28739 and CVE-2026-25106) and one integer underflow vulnerability (CVE-2026-33091). These types of flaws could potentially be exploited to cause a denial-of-service or execute arbitrary code.
GeoVision Vulnerabilities: Philippe Laulheret of Cisco Talos discovered a significant number of vulnerabilities—fourteen advisories covering 37 distinct CVEs—in GeoVision’s security technologies, which include cameras and monitoring solutions. These vulnerabilities encompass memory corruption (CVE-2026-12488), OS command injection (CVE-2026-12486, CVE-2026-12849, CVE-2026-12850, CVE-2026-12851, CVE-2026-42364), buffer overflow (CVE-2026-12485, CVE-2026-12846, CVE-2026-12847, CVE-2026-12848, CVE-2026-57273 through CVE-2026-57278), stack overflow (CVE-2026-42370, CVE-2026-7372, CVE-2026-42369), privilege escalation (CVE-2026-42368, CVE-2026-42367), reflected cross-site scripting (XSS) (CVE-2026-7371, CVE-2026-42366), guessable session cookie (CVE-2026-42365), and insufficient encryption (CVE-2026-7161). These wide-ranging vulnerabilities could allow attackers to gain unauthorized access, execute arbitrary code, or disrupt operations in affected GeoVision systems.
VTK-DICOM Vulnerability: Emmanuel Tacheau of Cisco Talos identified a heap-based buffer overflow vulnerability (CVE-2026-22879) in the VTK-DICOM API. This API is used with the Visualization Toolkit (VTK), an open-source solution for handling scientific data and 3D rendering, specifically for parsing Digital Imaging and Communications in Medicine (DICOM) medical data. Such a vulnerability in medical imaging software could have severe consequences for data integrity and patient privacy.
Real-World Impact
The cumulative impact of these vulnerabilities is substantial. For WolfSSL, critical applications relying on it for secure data transfer could be susceptible to compromise, potentially leading to data manipulation or system crashes. The extensive list of vulnerabilities in GeoVision products means that surveillance systems, access controls, and monitoring solutions could be entirely compromised, allowing unauthorized access, sabotage of security infrastructure, or data exfiltration from sensitive environments. The VTK-DICOM vulnerability, affecting medical data processing, could lead to the corruption or unauthorized disclosure of patient medical images and related information, with serious implications for patient care, privacy, and regulatory compliance under healthcare data protection laws.
Threat Landscape
These disclosures highlight the continuous need for vigilance across various technology stacks. The vulnerabilities in WolfSSL underscore the importance of securing foundational libraries and embedded systems, which are often overlooked but critical components. The GeoVision findings emphasize the persistent attack surface presented by Internet of Things (IoT) and operational technology (OT) devices, particularly in physical security and surveillance sectors. These devices are frequently targeted due to their direct access to sensitive environments and often less robust security update mechanisms. The VTK-DICOM vulnerability reminds us that specialized software handling sensitive data, such as medical imaging, is equally vulnerable and requires rigorous security auditing. Threat actors continuously scan for such weaknesses, making patched and updated systems the first line of defense against potential exploitation.
Remediation
The respective vendors have already released patches to address these vulnerabilities, in adherence to Cisco’s third-party vulnerability disclosure policy. Organizations utilizing WolfSSL, GeoVision products, and VTK-DICOM should prioritize applying these security updates immediately. For GeoVision users, a comprehensive review of their security systems and configurations is advised following patching. For VTK-DICOM users, verifying the integrity of medical data processing pipelines after applying the patch is crucial. Furthermore, organizations should implement a robust vulnerability management program that includes regular scanning for known vulnerabilities, continuous monitoring of system integrity, and adherence to vendor-provided security advisories. Network segmentation, strong access controls, and a well-tested incident response plan are additional layers of defense that can mitigate the impact of successful exploits.
Found something similar in your stack?
Let's find out before it becomes an incident.
Book an advisory call