CVE-2026-36180
MediumCVSS 4.6Exploitation Probability (EPSS)
Low risk4th percentile - higher than 4% of all known CVEs
Summary
GNCC GP5 v7.1.76 lacks runtime integrity, allowing physically-proximate attackers to bypass file system read-only protections. A bind-mount attack enables modification of system files and binaries for the duration of a boot session.
Risk Assessment
The risk involves potential persistent modification of critical system files by an attacker with physical access, which could lead to system compromise or malware installation.
Recommendation
Update GNCC GP5 to the latest patched version immediately. Until then, restrict physical access to devices and implement file system integrity measures such as mounting partitions with 'noexec' and 'nodev' options.
Original NVD description (English source)
A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack.

