GN-SA-2026-002: Genian NAC - Unauthenticated Access Vulnerability
Date
- July 07, 2026
CVSS V4.0 score
- 9.3
Severity
- Critical
Description
A vulnerability was discovered in which an internal IPC endpoint of the Genian NAC Policy Server could be called externally without authentication. A security update has been released along with remediation to strengthen product security. Users of affected versions are advised to update to the latest version.
Affected Versions
- Genian NAC 5.0.86 (below Revision 148665)
- Genian NAC 5.0.85 (below Revision 148666)
- Genian NAC 5.0.75 LTS (below Revision 148667)
- Genian ZTNA 6.0.46 (below Revision 148670)
- Genian ZTNA 6.0.45 (below Revision 148671)
- Genian ZTNA 6.0.35 (below Revision 148672)
Solution
The vulnerabilities included in this advisory can be resolved by updating to the following versions:
- Genian NAC 5.0.86 (Revision 148665 or later)
- Genian NAC 5.0.85 (Revision 148666 or later)
- Genian NAC 5.0.75 LTS (Revision 148667 or later)
- Genian ZTNA 6.0.46 (Revision 148670 or later)
- Genian ZTNA 6.0.45 (Revision 148671 or later)
- Genian ZTNA 6.0.35 (Revision 148672 or later)
Workaround
- Modify the Apache server configuration file as follows:
Before:
# gnrpcsvc
ProxyPass /gnrpcsvc http://127.0.0.1:9999/gnrpcsvc retry=3 connectiontimeout=#!CONNTIMEOUT!# timeout=#!DATATIMEOUT!#
ProxyPassReverse /gnrpcsvc http://127.0.0.1:9999/gnrpcsvc
After:
# gnrpcsvc (allow only agt, rpc — whitelist)
ProxyPass /gnrpcsvc/agt http://127.0.0.1:9999/gnrpcsvc/agt retry=3 connectiontimeout=#!CONNTIMEOUT!# timeout=#!DATATIMEOUT!#
ProxyPassReverse /gnrpcsvc/agt http://127.0.0.1:9999/gnrpcsvc/agt
ProxyPass /gnrpcsvc/rpc http://127.0.0.1:9999/gnrpcsvc/rpc retry=3 connectiontimeout=#!CONNTIMEOUT!# timeout=#!DATATIMEOUT!#
ProxyPassReverse /gnrpcsvc/rpc http://127.0.0.1:9999/gnrpcsvc/rpc