Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal.

This issue affects Pardus Software Center: before 1.0.3.
Published: 2026-04-29
Score: 9.6 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper limitation of a pathname to a restricted directory in TUBITAK BILGEM’s Pardus Software Center allows an attacker to specify an arbitrary file path, causing the application to access files outside its intended directory. This could expose sensitive configuration, credential data, or other confidential files, and may enable further integrity violations if the application can write to these paths. The flaw is a classic location-based input validation failure, classified as CWE‑22, and is rated highly severe.

Affected Systems

The issue affects all installations of the Pardus Software Center distributed by TUBITAK BILGEM Software Technologies Research Institute that are at versions before 1.0.3.

Risk and Exploitability

The CVSS score of 9.6 marks this flaw as critical, and the EPSS score is not available while it is not listed in the CISA KEV catalog, indicating no known public exploitation yet. Based on the description, it is inferred that the vulnerability could be leveraged remotely if the Software Center is exposed over a network, or locally if an attacker has the ability to interact with the application from within the system. The lack of mitigation guidance in the advisory underscores the need for immediate action to prevent potential data breaches or further compromise.

Generated by OpenCVE AI on April 29, 2026 at 16:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Pardus Software Center to version 1.0.3 or later to eliminate the path traversal flaw.
  • Restrict access to the Software Center so that only trusted users or services can interact with it, using firewall rules or application‑level authentication.
  • Run the Software Center under the least privilege required and enforce filesystem permissions to limit access to sensitive directories.

Generated by OpenCVE AI on April 29, 2026 at 16:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Tubitak Bilgem Software Technologies Research Institute
Tubitak Bilgem Software Technologies Research Institute pardus Software Center
Vendors & Products Tubitak Bilgem Software Technologies Research Institute
Tubitak Bilgem Software Technologies Research Institute pardus Software Center

Wed, 29 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 29 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal. This issue affects Pardus Software Center: before 1.0.3.
Title Path Traversal in TUBITAK BILGEM's Pardus Software Center
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}

Subscriptions

Tubitak Bilgem Software Technologies Research Institute Pardus Software Center
cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-04-29T15:36:01.079Z

Reserved: 2026-03-30T14:54:13.083Z

Link: CVE-2026-5166

cve-icon Vulnrichment

Updated: 2026-04-29T15:35:57.499Z

cve-icon NVD

Status : Deferred

Published: 2026-04-29T16:16:26.673

Modified: 2026-04-29T21:13:30.563

Link: CVE-2026-5166

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T08:21:06Z

Weaknesses