CVE-2026-36180
Runtime Integrity Bypass in GNCC GP5 v7.1.76
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gncc | gp5 | 7.1.76 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability in GNCC GP5 v7.1.76, immediate steps include restricting physical access to the device to prevent physically-proximate attackers from performing bind-mount attacks.
Since the vulnerability allows modification of system files and binaries during a boot session, ensuring the device is in a secure environment and monitoring for unauthorized physical access is critical.
No specific patches or software mitigations are mentioned, so physical security and limiting device exposure are the primary defenses.
Can you explain this vulnerability to me?
This vulnerability is a lack of runtime integrity in GNCC GP5 version 7.1.76. It allows attackers who are physically close to the device to bypass the file system's read-only protections. They can do this by using a bind-mount attack to modify system files and binaries during the current boot session.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker with physical proximity can alter critical system files and binaries temporarily. This could compromise the integrity and security of the system during the boot session, potentially allowing unauthorized actions or system manipulation.