CVE-2026-1618 - Vulnerability Details

- Admin Account Takeover in Universal Sotware's FlexCity/Kiosk

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.

This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

Published: 2026-02-13

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is an authentication bypass that uses an alternate path or channel to grant an attacker administrative privileges. Classified as CWE-288 Improper Authentication, the flaw allows bypassing the standard login and escalating to a privileged role. No additional consequences beyond the elevated privileges are reported in the description.

Affected Systems

Versión 1.0 up to but not including 1.0.36 of FlexCity/Kiosk is affected. Deployments running any of these versions are susceptible to the authentication bypass, according to the vendor’s notice.

Risk and Exploitability

The CVSS score is 8.8, indicating a High severity rating. The EPSS score is listed as less than 1%, implying a very low probability of exploitation at the time of this assessment. The vulnerability is not currently listed in CISA’s KEV catalog. The likely attack path involves using an alternate authentication route that bypasses the standard login, requiring only access to the application and no privileged credentials.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Universal Software Inc.

FlexCity/Kiosk

unaffected

Version	Status	Constraints
`1.0`	affected	< 1.0.36

Configuration 1 [-]

cpe:2.3:a:uni-yaz:flexcity:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Universal Software Inc.

Flexcity/kiosk

—

Version	Status	Scheme	Platform
`[1.0,1.0.36)`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update FlexCity/Kiosk to version 1.0.36 or later to eliminate the authentication bypass.
Review and disable any unused alternate authentication paths or channels defined in the configuration to prevent future bypass attempts.
Enforce strong, multi‑factor authentication for all administrative accounts and monitor login logs for anomalous activities.

Generated by OpenCVE AI on June 6, 2026 at 09:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00383.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0065
https://www.usom.gov.tr/bildirim/tr-26-0065

History

Sat, 06 Jun 2026 08:15:00 +0000

Type	Values Removed	Values Added
Description	Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.	Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
References		https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0065

Mon, 02 Mar 2026 13:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Uni-yaz Uni-yaz flexcity
CPEs		cpe:2.3:a:uni-yaz:flexcity::::::::
Vendors & Products		Uni-yaz Uni-yaz flexcity

Fri, 13 Feb 2026 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Universal Software Inc. Universal Software Inc. flexcity/kiosk
Vendors & Products		Universal Software Inc. Universal Software Inc. flexcity/kiosk

Fri, 13 Feb 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 13 Feb 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
Title		Admin Account Takeover in Universal Sotware's FlexCity/Kiosk
Weaknesses		CWE-288
References		https://www.usom.gov.tr/bildirim/tr-26-0065
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Uni-yaz Flexcity

Universal Software Inc. Flexcity/kiosk

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2026-02-13T13:14:45.785Z

Updated: 2026-06-06T07:58:00.402Z

Reserved: 2026-01-29T13:54:58.022Z

Link: CVE-2026-1618

Vulnrichment

Updated: 2026-02-13T17:00:26.617Z

NVD

Status : Modified

Published: 2026-02-13T14:16:09.910

Modified: 2026-06-17T10:16:10.363

Link: CVE-2026-1618

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-06T09:30:17Z

Weaknesses

CWE-288
Authentication Bypass Using an Alternate Path or Channel

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object