CVE-2026-1023
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-01-16
Assigner: TWCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gotac | statistics_database_system | to 1.0.4 (exc) |
| gotac | zongti_tongji_database_system | to 1.0.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-1023 is a Missing Authentication vulnerability in the Statistics Database System (version 1.0.3 and earlier) developed by Gotac. It allows unauthenticated remote attackers to directly query the database contents through specific functions without proper identity verification or authorization. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive data because attackers can remotely access and query the database contents without authentication. It has a high impact on confidentiality but does not affect data integrity or availability. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Statistics Database System to version 1.0.4 or later, as the issue is resolved in that version. [1, 2]