Home / Vulnerability Intelligence / CVE-2026-4312

CVE-2026-4312 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 17, 2026

DrangSoft GCB/FCB Audit Software - Authentication Bypass

Published: March 17, 2026Updated: March 17, 2026Remote Exploitable

Overview

DrangSoft GCB/FCB Audit Software contains a missing authentication vulnerability allowing unauthenticated remote attackers to access APIs and create new administrative accounts, exploit requires no authentication.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 12.7%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can create new administrative accounts, leading to full system compromise.

Mitigation

Update to the latest version with authentication fixes.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 17, 2026

🔴 CVE-2026-4312 - Critical (9.8) GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-4312/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-4312
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: unconfirmed
EPSS: 12.7%
Social Posts: 1

CWE

CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

12.7%Probability of exploitation in the next 30 days