Missing Authentication Vulnerability in GCB/FCB Audit Software by DrangSoft
CVE-2026-4312

9.3CRITICAL

Key Information:

Vendor: Drangsoft
Status: Gcb/fcb Audit Software
Vendor: CVE Published:; 17 March 2026

What is CVE-2026-4312?

The GCB/FCB Audit Software from DrangSoft contains a vulnerability that allows unauthenticated remote attackers to exploit certain APIs. This flaw permits unauthorized individuals to create new administrative accounts, ultimately compromising the system’s integrity and security. Organizations using this software should assess their systems and implement necessary mitigations to prevent unauthorized access.

Affected Version(s)

GCB/FCB Audit Software 0 < 20260108

References

https://www.twcert.org.tw/tw/cp-132-10784-4f67d-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10785-2cafe-2.html

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 17, 2026
Vulnerability Reserved
Mar 17, 2026

CVE-2026-4312 Data

JSON

Drangsoft

What is CVE-2026-4312?

Affected Version(s)

References

CVSS V4

Timeline