Access Token Exposure in GridTime 3000 GNSS Time Server by Microchip
CVE-2026-12620

4.6MEDIUM

Key Information:

Vendor: Microchip
Status: Gridtime 3000
Vendor: CVE Published:; 19 June 2026

What is CVE-2026-12620?

The GridTime 3000 GNSS Time Server has a security flaw that allows access tokens to be exposed in URL parameters across several endpoints. This vulnerability impacts versions 1.0r0.03 through 1.1r0.0, potentially compromising sensitive data and impacting the integrity of the time-serving communications.

Affected Version(s)

GridTime 3000 1.0r0.03 <= 1.1r0.0

References

https://www.microchip.com/en-us/solutions/technologies/em...

vendor-advisory

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2026
Vulnerability Reserved
Jun 18, 2026

CVE-2026-12620 Data

JSON