Access Token Exposure in URL Parameters in GridTime™ 3000 GNSS Time Server - (CVE-2026-12620)
During a security engagement, Leo Diamat discovered that the GridTime 3000 GNSS Time Server web application transmitted session access tokens via URL query string parameters on multiple endpoints.
