External risk intelligence

DrangSoft GCB FCB Audit Software API Authentication Bypass

CVE advisory

Severity: CRITICAL (CVSS 9.3)

CVE-2026-4312

A critical vulnerability in GCB/FCB Audit Software allows unauthenticated remote attackers to create new administrative accounts by accessing specific APIs. This could grant unauthorized access to sensitive audit functionalities and data within government financial cybersecurity systems. The primary concern is determin

Halo Surface Signal

3

Missing Authentication

Dragonsoft GCB/FCB Government Financial Cybersecurity Configuration Audit Software

External exposure likelihood

Halo Surface Signal score for CVE-2026-4312

The software is a specialized configuration audit tool for government financial systems. While it provides network-reachable APIs, such tools are typically deployed within restricted internal networks for administrative oversight rather than exposed directly to the public internet.

PCI scan relevance

PCI Relevance for CVE-2026-4312

Yes

CVE-2026-4312 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

A critical vulnerability in GCB/FCB Audit Software allows unauthenticated remote attackers to create new administrator accounts, which is likely to cause PCI scan failures.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in DrangSoft's GCB/FCB Audit Software, which is used for government financial cybersecurity configuration. This flaw allows unauthorized remote access to specific APIs, enabling the creation of new administrative accounts. The main concern is to confirm if this specialized audit software is in use within the organization and, if so, to what extent it might be exposed.

  • Unauthenticated access to audit software APIs.
  • Critical flaw allows new admin account creation.
  • Confirm relevance and exposure for audit tools.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker can remotely access specific APIs in the GCB/FCB Audit Software. This allows them to create a new administrative account without needing any prior access or credentials.

  • Network access required.
  • Direct API access triggers vulnerability.
  • New admin account creation.

Live Threat

Current exploitation, exposure, and threat context

Unauthenticated remote attackers could exploit this vulnerability to create a new administrative account for the GCB/FCB Audit Software. This could allow unauthorized individuals to gain administrative control over the audit software's functionalities and data.

  • Audit software administrative access.
  • Direct API access to create accounts.
  • Unauthorized control of audit functions.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

The GCB/FCB Audit Software, used for government financial cybersecurity configuration, has an unauthenticated API vulnerability. This flaw allows remote attackers to create new administrative accounts, posing a critical risk. Ownership will likely fall to the application or platform team responsible for the DrangSoft software, with initial steps focusing on asset identification and reachability assessment.

  • Establish ownership of the GCB/FCB Audit Software.
  • Verify external reachability and business criticality.
  • Plan risk-based remediation and vendor coordination.
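One concrete detection step for the CWE-306 pattern above, as an added example that is not part of the advisory or the vendor's software: scan application logs for requests that reached an account-creation API, got a success response, and carried no authenticated principal. The JSON log format, the field names and the endpoint path are assumptions (the advisory does not publish the affected API path), so substitute the paths your deployment actually serves.

```python
# Added example (not DrangSoft code). Flags successful account-creation calls
# made without an authenticated user, i.e. the missing-authentication pattern
# described in the advisory. Log format and endpoint path are assumptions.
import json
from typing import Iterable

# Placeholder path: the real account-creation API is not named in the advisory.
ACCOUNT_CREATE_PATHS = {"/api/PLACEHOLDER/admin/users"}

# Constructed sample lines in a hypothetical JSON application-log format.
# "user" is the authenticated principal (null when no session was presented).
SAMPLE_LOG = """
{"ts":"2026-03-01T10:00:01Z","src":"10.0.0.5","method":"POST","path":"/api/PLACEHOLDER/admin/users","status":201,"user":"auditadmin","role":"admin"}
{"ts":"2026-03-01T10:02:17Z","src":"198.51.100.23","method":"POST","path":"/api/PLACEHOLDER/admin/users","status":201,"user":null,"role":null}
{"ts":"2026-03-01T10:02:18Z","src":"198.51.100.23","method":"GET","path":"/api/PLACEHOLDER/reports","status":401,"user":null,"role":null}
{"ts":"2026-03-01T10:05:00Z","src":"10.0.0.9","method":"POST","path":"/api/PLACEHOLDER/admin/users","status":403,"user":"viewer1","role":"auditor"}
"""


def parse_lines(text: str) -> list[dict]:
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def unauthenticated_account_creations(events: Iterable[dict]) -> list[dict]:
    """Return events where an account-creation endpoint answered 2xx
    to a request that carried no authenticated principal."""
    hits = []
    for e in events:
        if (
            e.get("method") == "POST"
            and e.get("path") in ACCOUNT_CREATE_PATHS
            and 200 <= int(e.get("status", 0)) < 300
            and not e.get("user")
        ):
            hits.append(e)
    return hits


def summarize(hits: Iterable[dict]) -> list[str]:
    """One alert line per finding, suitable for forwarding to a SIEM."""
    return [f"{h['ts']} {h['src']} created account via {h['path']} with no session" for h in hits]


if __name__ == "__main__":
    for alert in summarize(unauthenticated_account_creations(parse_lines(SAMPLE_LOG))):
        print(alert)
```

A 403 from an authenticated low-privilege user and an unauthenticated 401 are left alone; only the unauthenticated 201 is reported, which is the event that should not exist on a patched system.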

Frequently asked questions

What is GCB/FCB Audit Software and what is it used for?

GCB/FCB Audit Software, developed by DrangSoft, is a specialized tool used for government financial cybersecurity configuration audits. It helps organizations manage and verify the security settings of their financial systems.

How does CVE-2026-4312's Missing Authentication weakness affect GCB/FCB Audit Software?

This vulnerability is a 'Missing Authentication' weakness (CWE-306). It means unauthenticated attackers can directly access certain APIs within the GCB/FCB Audit Software, bypassing normal login procedures to create new administrative accounts.

What are the preconditions for exploiting this GCB/FCB Audit Software vulnerability?

An attacker needs network access to the GCB/FCB Audit Software's APIs. The vulnerability is triggered by directly accessing these APIs without authentication, which then allows for the creation of a new administrator account.

Who should be concerned about CVE-2026-4312 in GCB/FCB Audit Software?

Organizations using GCB/FCB Audit Software should be concerned. The Halo Surface Signal indicates a 'Possible' exposure, suggesting that while the software has network-reachable APIs, it's often used internally for administrative oversight, so direct internet exposure might be limited but still a concern.

What is the first step if my organization runs GCB/FCB Audit Software?

The initial step is to identify if your organization uses GCB/FCB Audit Software. If it is in use, you should then assess its network accessibility and business criticality to understand the potential risk.
