CVE-2026-5141 - Vulnerability Details

- Improper Access Control in TUBITAK BILGEM's Pardus Software Center

Description

Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process.

This issue affects Pardus Software Center: from 1.0.2 before 1.0.3.

Published: 2026-04-29

Score: 8.8 High

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The updated description confirms that TUBITAK BILGEM's Pardus Software Center suffers from improper privilege management and access control, enabling an attacker to hijack privileged processes. This flaw permits unauthorized execution of privileged actions, potentially compromising confidentiality, integrity, and availability of the affected system.

Affected Systems

TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center, all versions earlier than 1.0.3.

Risk and Exploitability

The CVSS score of 8.8 reflects a high severity, and the EPSS score is not available while the vulnerability is not listed in the CISA KEV catalog. Based on the description it is inferred that an attacker who can interact with the Software Center—whether locally or remotely if the service is exposed—can exploit the improper access control to hijack a privileged process. Elevating privileges in this way could allow the attacker to modify system state, exfiltrate data, or disrupt services. The lack of an official workaround suggests that the primary protection is to prevent exploitation by applying the vendor’s fix.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

TUBITAK BILGEM Software Technologies Research Institute

Pardus Software Center

unaffected

Version	Status	Constraints
`1.0.2`	affected	< 1.0.3

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Pardus Software Center to version 1.0.3 or later to address the improper privilege management, privilege assignment, and access control weaknesses (CWE-266, CWE-269, CWE-284).
Conduct a review of the Software Center's configuration and user permissions, ensuring that only authorized administrators can start privileged processes and that ACLs enforce least privilege, mitigating CWE-284.
Perform a comprehensive audit of privilege assignments for all Service Center users, removing default or excessive rights to prevent unauthorized privilege escalation, addressing CWE-266 and CWE-269.

Generated by OpenCVE AI on April 29, 2026 at 21:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.usom.gov.tr/bildirim/tr-26-0131

History

Wed, 29 Apr 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 29 Apr 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description	Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: before 1.0.3.	Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: from 1.0.2 before 1.0.3.

Wed, 29 Apr 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: before 1.0.3.
Title		Improper Access Control in TUBITAK BILGEM's Pardus Software Center
Weaknesses		CWE-266 CWE-269 CWE-284
References		https://www.usom.gov.tr/bildirim/tr-26-0131
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published: 2026-04-29T14:18:00.642Z

Updated: 2026-04-29T15:22:47.249Z

Reserved: 2026-03-30T11:59:12.951Z

Link: CVE-2026-5141

Vulnrichment

Updated: 2026-04-29T15:05:51.086Z

NVD

Status : Deferred

Published: 2026-04-29T15:16:07.887

Modified: 2026-04-29T21:13:30.563

Link: CVE-2026-5141

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T21:30:20Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object