CVE-2026-4312
Analyzed Analyzed - Analysis Complete
Missing Authentication in DrangSoft GCB/FCB Allows Admin Account Creation

Publication date: 2026-03-17

Last updated on: 2026-06-05

Assigner: TWCERT/CC

Description
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-17
Last Modified
2026-06-05
Generated
2026-06-16
AI Q&A
2026-03-17
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4312
EUVD
EUVD-2026-12547
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dragonsoft gcb/fcb_government_financial_cybersecurity_configuration_audit_software *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-4312 is a critical Missing Authentication vulnerability in the GCB/FCB Audit Software developed by DrangSoft and Zhonghua Longwang. This flaw allows unauthenticated remote attackers to bypass authentication and directly access certain APIs.

By exploiting this vulnerability, attackers can create new administrative accounts without any identity verification, effectively gaining full administrative control over the software.

Impact Analysis

This vulnerability can have severe impacts as it allows attackers to gain unauthorized administrative access remotely without any authentication.

  • Attackers can create new administrator accounts.
  • Confidentiality, integrity, and availability of the system are all highly impacted.
  • The attacker can fully control the affected software, potentially leading to data breaches, manipulation of audit results, and disruption of services.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the GCB/FCB Audit Software to version 20260108 or later.

This update includes a fix for the Missing Authentication vulnerability that allows unauthenticated remote attackers to create new administrative accounts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4312. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart