Date Posted: 2026/03/20

[Vulnerability Alert] DragonSoft | GCB/FCB Government Financial Security Configuration Audit Software - Missing Authentication

Subject Explanation: [Vulnerability Alert] DragonSoft | GCB/FCB Government Financial Security Configuration Audit Software - Missing Authentication

Content Description:
- Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202603-00000016
- [DragonSoft | GCB/FCB Government Financial Security Configuration Audit Software - Missing Authentication] (CVE-2026-4312, CVSS: 9.8) The GCB/FCB Government Financial Security Configuration Audit Software developed by DragonSoft contains a Missing Authentication vulnerability. An unauthenticated remote attacker can directly use the API function to add an account with administrative privileges.
Impacted Platforms:
- GCB/FCB Government Financial Security Configuration Audit Software versions prior to 20260108 (exclusive)
Suggested Measures:
- Update to version 20260108 and later versions
References:
1. https://www.twcert.org.tw/tw/cp-132-10784-4f67d-1.html

Computer and Communication Center
Network Systems Division