CVE-2026-12620

Summary

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints.

This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.

Affected Software

VendorProductVersion RangeStatus
MicrochipGridTime 30001.0r0.03 <= 1.1r0.0affected

Weaknesses

  • CWE-200: CWE-200

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References