CVE-2026-4312
Analyzed Analyzed - Analysis Complete

Missing Authentication in DrangSoft GCB/FCB Allows Admin Account Creation

Vulnerability report for CVE-2026-4312, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-17

Last updated on: 2026-06-05

Assigner: TWCERT/CC

Description

GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-17
Last Modified
2026-06-05
Generated
2026-07-06
AI Q&A
2026-03-17
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
dragonsoft gcb/fcb_government_financial_cybersecurity_configuration_audit_software *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-4312 is a critical Missing Authentication vulnerability in the GCB/FCB Audit Software developed by DrangSoft and Zhonghua Longwang. This flaw allows unauthenticated remote attackers to bypass authentication and directly access certain APIs.

By exploiting this vulnerability, attackers can create new administrative accounts without any identity verification, effectively gaining full administrative control over the software.

Impact Analysis

This vulnerability can have severe impacts as it allows attackers to gain unauthorized administrative access remotely without any authentication.

  • Attackers can create new administrator accounts.
  • Confidentiality, integrity, and availability of the system are all highly impacted.
  • The attacker can fully control the affected software, potentially leading to data breaches, manipulation of audit results, and disruption of services.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the GCB/FCB Audit Software to version 20260108 or later.

This update includes a fix for the Missing Authentication vulnerability that allows unauthenticated remote attackers to create new administrative accounts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4312. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart