CVE-2026-12622— Open Redirect Vulnerability in Password Reset Submission in GridTime™ 3000 GNSS Time Server
Possible ATT&CK Techniques 1AI
T1189 · Drive-by CompromiseAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microchip | GridTime 3000 | 1.0r0.03≤ 1.1r0.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-12622
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open Redirect Vulnerability in Password Reset Submission in GridTime™ 3000 GNSS Time Server
Source: NVD (National Vulnerability Database)
Vulnerability Description
The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Microchip | GridTime 3000 | 1.0r0.03 ~ 1.1r0.0 | - |
II. Public POCs for CVE-2026-12622
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-12622
请登录查看更多情报信息。
News Coverage for CVE-2026-12622 (1)
Same Patch Batch · Microchip · 2026-06-19 · 4 CVEs total
| CVE-2026-12619 | GridTime™ 3000 GNSS Time Server CSRF to XSS | |
| CVE-2026-12620 | Access Token Exposure in URL Parameters in GridTime™ 3000 GNSS Time Server | |
| CVE-2026-12621 | Cross-Site Scripting (XSS) Vulnerability in Password Reset Redirect in GridTime™ 3000 GNSS |
IV. Related Vulnerabilities
Same vendor: Microchip
- CVE-2026-12620
Access Token Exposure in URL Parameters in GridTime™ 3000 GN - CVE-2026-12621
Cross-Site Scripting (XSS) Vulnerability in Password Reset R - CVE-2026-12619
GridTime™ 3000 GNSS Time Server CSRF to XSS - CVE-2026-2336
Weak webstax_auth Cookie Authentication Allows Privilege Esc - CVE-2025-9497
Hardcoded Upgrade Decryption Passwords
Same weakness: CWE-601
- CVE-2026-47645
Microsoft 365 Copilot's Business Chat Elevation of Privilege - CVE-2026-48895
Apache APISIX: Cas-auth Host header influence on CAS service - CVE-2026-44915
Apache APISIX: Cas-auth plugin open redirect via unsanitized - CVE-2026-12049
pgAdmin 4: Open redirect in multi-factor authentication flow - CVE-2026-20178
Cisco Webex App URL参数验证缺陷致重定向
V. Comments for CVE-2026-12622
No comments yet