Jump to the main content block
  1. Home
  2. Information Security
  3. Vulnerability Alert

【Vulnerability Alert】HiTrust | GCB/FCB Government and Financial Security Configuration Audit Software – Missing Authentication

publish date : 2026-03-20 update date : 2026-03-20

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2026031901030202 Publication Time 2026/03/19 13:55
Incident Type ANA-Vulnerability Alert Discovery Time 2026/03/19 13:55
Impact Level Low  
[Subject]
【Vulnerability Alert】HiTrust | GCB/FCB Government and Financial Security Configuration Audit Software – Missing Authentication
[Content]
Forwarded from TWCERTCC-200-202603-00000016

【HiTrust | GCB/FCB Government and Financial Security Configuration Audit Software – Missing Authentication】(CVE-2026-4312, CVSS: 9.8) The GCB/FCB Government and Financial Security Configuration Audit Software developed by HiTrust contains a Missing Authentication vulnerability. An unauthenticated remote attacker can directly use API functions to create an account with administrative privileges.


(Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]

GCB/FCB Government and Financial Security Configuration Audit Software versions prior to 20260108 (excluding 20260108)
[Recommended Actions]
更新至20260108(含)以後版本
[Reference]
 https://www.twcert.org.tw/tw/cp-132-10784-4f67d-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center
Click Num:
Print