Description
Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
Published: 2026-01-16
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unrestricted data modification and loss of integrity
Action: Immediate Patch
AI Analysis

Impact

The Gotac Police Statistics Database System contains a missing authentication flaw that permits an attacker to read, modify, and delete database records without providing any credentials. The vulnerability is exercised via a specific application functionality and, once accessed, allows full compromise of confidentiality, integrity, and availability of the system’s data. Consequently, sensitive law‑enforcement records could be exposed or corrupted, undermining public trust and operational efficiency.

Affected Systems

The affected vendor is Gotac, product Police Statistics Database System. The advisory indicates that versions prior to 1.0.3 are vulnerable, and an upgrade to version 1.0.3 or later resolves the issue. No additional version details are provided beyond this update path.

Risk and Exploitability

With a CVSS score of 9.3 the flaw is considered very high severity, while the EPSS score of less than 1 % suggests current exploitation activity is low. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote: any entity with network access to the system could exploit the missing authentication without credentials, making mitigation critical even if exploitation has not yet been observed.

Generated by OpenCVE AI on April 18, 2026 at 16:06 UTC.

Remediation

Vendor Solution

Update to version 1.0.3 or later.

OpenCVE Recommended Actions

  • Upgrade the Police Statistics Database System to version 1.0.3 or later to restore authentication checks and eliminate the flaw.
  • Configure network segmentation or firewall rules to limit access to the database server only to trusted systems or privileged administrative hosts.
  • Enable and configure database activity logging, then monitor logs for anomalous read, modify, or delete operations, and alert administrators to potential abuse promptly.

Generated by OpenCVE AI on April 18, 2026 at 16:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 23 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Gotac police Statistics Database System
CPEs cpe:2.3:a:gotac:police_statistics_database_system:*:*:*:*:*:*:*:*
Vendors & Products Gotac police Statistics Database System

Fri, 16 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 16 Jan 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Gotac
Gotac statistical Database System
Vendors & Products Gotac
Gotac statistical Database System

Fri, 16 Jan 2026 03:15:00 +0000

Type Values Removed Values Added
Description Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
Title Gotac|Police Statistics Database System - Missing Authentication
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Gotac Police Statistics Database System Statistical Database System
cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-01-16T14:45:08.512Z

Reserved: 2026-01-16T02:00:21.955Z

Link: CVE-2026-1019

cve-icon Vulnrichment

Updated: 2026-01-16T14:45:04.639Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-16T03:16:18.363

Modified: 2026-01-23T20:29:51.947

Link: CVE-2026-1019

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T16:15:04Z

Weaknesses