Date Posted: 2026/03/20

[Vulnerability Alert] DragonSoft | GCB/FCB Government Financial Security Configuration Audit Software - Missing Authentication

  • Subject Explanation: [Vulnerability Alert] DragonSoft | GCB/FCB Government Financial Security Configuration Audit Software - Missing Authentication


  • Content Description:
    • Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202603-00000016
    • [DragonSoft | GCB/FCB Government Financial Security Configuration Audit Software - Missing Authentication] (CVE-2026-4312, CVSS: 9.8) The GCB/FCB Government Financial Security Configuration Audit Software developed by DragonSoft contains a Missing Authentication vulnerability. An unauthenticated remote attacker can directly use the API function to add an account with administrative privileges.
  • Impacted Platforms:
    • GCB/FCB Government Financial Security Configuration Audit Software versions prior to 20260108 (exclusive)
  • Suggested Measures:
    • Update to version 20260108 and later versions
  • References:
    1. https://www.twcert.org.tw/tw/cp-132-10784-4f67d-1.html

Computer and Communication Center
Network Systems Division