Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

Vulnerability IntelligenceCVE-2026-12622

CVE-2026-12622

MEDIUM5.3

Open Redirect Vulnerability in Password Reset Submission in GridTime™ 3000 GNSS Time Server

Published Jun 19, 2026

Modified Yesterday

Details

The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission.

This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

References

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2026-12622

ADVISORY

https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/gridtime-3000-gnss-time-server-open-redirect

CVSS Analysis

CVSS v4.0

5.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

LowVC:L

Vuln. Integrity

LowVI:L

Vuln. Availability

NoneVA:N

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

5.3/CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Weakness Type (CWE)

Input Validation

CWE-601

Open Redirect

Ecosystems

Timeline

PublishedJun 19, 2026

ModifiedJun 22, 2026

CVE-2026-12622 | Mondoo Vulnerability Intelligence