GN-SA-2026-002: Genian NAC - Unauthenticated Access Vulnerability

Date

  • July 07, 2026

CVSS V4.0 score

  • 9.3

Severity

  • Critical

Description

A vulnerability was discovered in which an internal IPC endpoint of the Genian NAC Policy Server could be called externally without authentication. A security update has been released along with remediation to strengthen product security. Users of affected versions are advised to update to the latest version.

Affected Versions

  • Genian NAC 5.0.86 (below Revision 148665)
  • Genian NAC 5.0.85 (below Revision 148666)
  • Genian NAC 5.0.75 LTS (below Revision 148667)
  • Genian ZTNA 6.0.46 (below Revision 148670)
  • Genian ZTNA 6.0.45 (below Revision 148671)
  • Genian ZTNA 6.0.35 (below Revision 148672)

Solution

The vulnerabilities included in this advisory can be resolved by updating to the following versions:

  • Genian NAC 5.0.86 (Revision 148665 or later)
  • Genian NAC 5.0.85 (Revision 148666 or later)
  • Genian NAC 5.0.75 LTS (Revision 148667 or later)
  • Genian ZTNA 6.0.46 (Revision 148670 or later)
  • Genian ZTNA 6.0.45 (Revision 148671 or later)
  • Genian ZTNA 6.0.35 (Revision 148672 or later)

Workaround

  • Modify the Apache server configuration file as follows:

Before:

# gnrpcsvc
ProxyPass /gnrpcsvc http://127.0.0.1:9999/gnrpcsvc retry=3 connectiontimeout=#!CONNTIMEOUT!# timeout=#!DATATIMEOUT!#
ProxyPassReverse /gnrpcsvc http://127.0.0.1:9999/gnrpcsvc

After:

# gnrpcsvc (allow only agt, rpc — whitelist)
ProxyPass /gnrpcsvc/agt http://127.0.0.1:9999/gnrpcsvc/agt retry=3 connectiontimeout=#!CONNTIMEOUT!# timeout=#!DATATIMEOUT!#
ProxyPassReverse /gnrpcsvc/agt http://127.0.0.1:9999/gnrpcsvc/agt
ProxyPass /gnrpcsvc/rpc http://127.0.0.1:9999/gnrpcsvc/rpc retry=3 connectiontimeout=#!CONNTIMEOUT!# timeout=#!DATATIMEOUT!#
ProxyPassReverse /gnrpcsvc/rpc http://127.0.0.1:9999/gnrpcsvc/rpc