Input Neutralization Flaw in GridTime 3000 by Microchip
CVE-2026-12621

5.3MEDIUM

Key Information:

Vendor: Microchip
Status: Gridtime 3000
Vendor: CVE Published:; 19 June 2026

What is CVE-2026-12621?

The GridTime 3000 product from Microchip is exposed to an input neutralization flaw during web page generation. Specifically, the vulnerability allows for Cross-Site Scripting (XSS) attacks via the password reset form, enabling unauthorized execution of scripts in the context of a user's browser. Affected versions span from 1.0r0.03 to just before 1.2r0.0. Users of this product should take immediate steps to implement mitigations to protect against potential exploits.

Affected Version(s)

GridTime 3000 1.0r0.03 <= 1.1r0.0

References

https://www.microchip.com/en-us/solutions/technologies/em...

vendor-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2026
Vulnerability Reserved
Jun 18, 2026

CVE-2026-12621 Data

JSON