CVE-2026-36175
Deferred Deferred - Pending Action
Authentication Bypass in GNCC GP5 U-Boot

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: MITRE

Description
An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-06-25
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-23
NVD
CVE-2026-36175
EUVD
EUVD-2026-34278
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gncc gp5 7.1.76
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the U-Boot component of GNCC GP5 version 7.1.76. It allows attackers who have physical proximity to the device to bypass authentication mechanisms. They achieve this by interrupting the boot sequence and injecting a specially crafted string into the kernel boot arguments, which ultimately grants them root access.

Impact Analysis

The vulnerability can have severe impacts as it allows an attacker with physical access to gain root privileges on the affected device. This means the attacker can fully control the system, potentially leading to unauthorized data access, modification, or destruction, installation of malicious software, and disruption of normal device operations.

Compliance Impact

This vulnerability allows physically-proximate attackers to bypass authentication and gain root access to the affected system. Such unauthorized access can lead to compromise of confidentiality, integrity, and availability of sensitive data.

As a result, organizations using the affected U-Boot component may face challenges in maintaining compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive personal and health information against unauthorized access.

Mitigation Strategies

The vulnerability allows physically-proximate attackers to bypass authentication by interrupting the boot sequence and injecting crafted strings into the kernel boot arguments.

Immediate mitigation steps include restricting physical access to the device to prevent attackers from interrupting the boot process.

If possible, disable any interfaces or methods that allow boot sequence interruption or injection of boot arguments.

Monitor for any unauthorized physical access and consider isolating affected devices from critical networks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36175. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart