CVE Catalog

CVE-2026-36176

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile - higher than 1% of all known CVEs

Summary

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface.

Risk Assessment

The organization is at risk of unauthorized access to data stored in Backblaze B2, potentially leading to data leakage, modification, or deletion by an attacker with physical access to the device.

Recommendation

Immediately update GNCC GP5 software to the latest version that fixes this vulnerability, and consider securing physical access to devices and disabling logging of sensitive data on the serial console.

Original NVD description (English source)

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS