Cyber Posture

CVE-2026-4312

Critical

Published: 17 March 2026

Published
17 March 2026
Modified
17 March 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0022 44.0th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account.

Mitigating Controls (NIST 800-53 r5)AI

AC-14 Permitted Actions Without Identification or Authentication good match
prevent

Directly requires organizations to limit and document permitted actions without identification or authentication, preventing unauthenticated access to APIs for creating administrative accounts.

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations for logical access to system resources, ensuring authentication is required for sensitive API endpoints exploited in this vulnerability.

AC-2 Account Management good match
prevent

Manages account creation processes to restrict administrative account provisioning to authorized entities only, blocking unauthorized admin account creation via unauthenticated APIs.

Security SummaryAI

CVE-2026-4312 is a Missing Authentication vulnerability (CWE-306) affecting GCB/FCB Audit Software developed by DrangSoft. Published on 2026-03-17, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and lack of prerequisites. The flaw enables unauthenticated remote attackers to directly access certain APIs without authentication.

Unauthenticated attackers with network access can exploit this vulnerability remotely and with low effort, requiring no privileges, user interaction, or special conditions. Successful exploitation allows attackers to create a new administrative account, potentially granting full control over the affected software, with high impacts on confidentiality, integrity, and availability.

Mitigation details are provided in advisories from TWCERT/CC, available at https://www.twcert.org.tw/en/cp-139-10785-2cafe-2.html and https://www.twcert.org.tw/tw/cp-132-10784-4f67d-1.html. Security practitioners should consult these references for patch information, workarounds, or configuration changes to address the issue.

Details

CWE(s)
CWE-306

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1136 Create Account Persistence
Adversaries may create an account to maintain access to victim systems.
attack.mitre.org →
Why these techniques?

Missing authentication in public-facing APIs enables exploitation of public-facing application (T1190) and creation of administrative accounts (T1136).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References