Description
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack.

This issue affects Pardus About: before v1.2.1.
Published: 2026-04-29
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from improper link resolution before file access in TUBITAK BILGEM's Pardus About. An attacker can manipulate symbolic links to access files outside the intended directory, leading to reading or possibly modifying sensitive system files. This flaw, classified as CWE‑59, could expose confidential data or, in worst cases, enable privilege escalation.

Affected Systems

The affected software is Pardus About from TUBITAK BILGEM Software Technologies Research Institute. All installations running a version earlier than 1.2.1 are vulnerable. No other products or vendors are listed as impacted.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity vulnerability. EPSS information is not available, and the issue is not listed in CISA's KEV catalog. The flaw can be exploited by crafting a malicious symbolic link that points to restricted files. The attack is feasible locally or via remote triggers depending on the environment; because the description does not explicitly state the required conditions, we infer it is primarily a local exploitation vector. If an attacker gains execution or file read privileges, sensitive information could be disclosed.

Generated by OpenCVE AI on April 29, 2026 at 16:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Pardus About to version 1.2.1 or later.
  • If an upgrade is not immediately possible, restrict the application’s file access permissions to prevent following of symbolic links by disabling link resolution on directories containing sensitive files.
  • Conduct a file integrity check and monitor for unexpected file read operations.



Advisories

No advisories yet.

History

Wed, 29 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 29 Apr 2026 14:45:00 +0000

Type | Values Removed | Values Added
Description | | Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before v1.2.1.
Title | | Improper Authentication in TUBITAK BILGEM's Pardus About
Weaknesses | | CWE-59
References | |
Metrics | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}



MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-04-29T14:53:02.143Z

Reserved: 2026-03-30T14:30:28.693Z

Link: CVE-2026-5161

Vulnrichment

Updated: 2026-04-29T14:52:57.082Z

NVD

Status: Deferred

Published: 2026-04-29T15:16:08.010

Modified: 2026-04-29T21:13:30.563

Link: CVE-2026-5161

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T17:00:13Z

Weaknesses