Home / Vulnerability Intelligence / CVE-2026-4312

CVE-2026-4312 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 17, 2026

DrangSoft GCB/FCB Audit Software - Authentication Bypass

Published: March 17, 2026Updated: March 17, 2026Remote Exploitable

Overview

DrangSoft GCB/FCB Audit Software contains a missing authentication vulnerability allowing unauthenticated remote attackers to access APIs and create new administrative accounts, exploit requires no authentication.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Unauthenticated attackers can create new administrative accounts, leading to full system compromise.

Mitigation

Update to the latest version with authentication fixes.

References

Social Media Activity(2 posts)

Offensive Sequence

@offseq

Mar 17, 2026

🚨 CVE-2026-4312 (CRITICAL, CVSS 9.3) in DrangSoft GCB/FCB Audit Software: missing auth allows remote admin account creation & full compromise. No patch yet — restrict API access, monitor closely. https://radar.offseq.com/threat/cve-2026-4312-cwe-306-missing-authentication-for-c-6cd3271e #OffSeq #Vulnerability #InfoSec

View original post

Offensive Sequence

@offseq

Mar 17, 2026

View original post

Related Resources

Details

CVE ID: CVE-2026-4312
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: new
EPSS: 0.0%
Social Posts: 2

CWE

CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days