PatchSiren cyber security CVE debrief
CVE-2026-36182 GNCC CVE debrief
A critical vulnerability was discovered in GNCC GP5 v7.1.76, identified as CVE-2026-36182. This vulnerability involves the use of a weak hashing algorithm to protect the root password. The weakness, scored at 9.8 on the CVSS scale, could potentially allow attackers to obtain root credentials and privileges via a brute-force attack. The vulnerability was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-36182) and further details can be found on [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-36182).
- Vendor
- GNCC
- Product
- GP5
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-08
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-08
Who should care
Administrators and users of GNCC GP5 v7.1.76 should be aware of this vulnerability and take necessary actions to secure their systems.
Technical summary
The GNCC GP5 v7.1.76 device uses a weak hashing algorithm for protecting the root password. This could allow attackers to exploit the system using a brute-force attack, potentially gaining unauthorized access with root privileges.
Defensive priority
High
Recommended defensive actions
- Update to a secure version if available.
- Implement a stronger password hashing algorithm.
- Restrict access to the system and monitor for suspicious activity.
Evidence notes
The CVE record [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-36182) and NVD details [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-36182) provide further information on this vulnerability.
Official resources
CVE-2026-36182 was published on 2026-06-04T16:16:35.763Z and modified on 2026-06-08T15:16:45.473Z.