Impact
This vulnerability is an origin validation error (CWE-346) in TUBITAK BILGEM Liderahenk. The application does not properly verify that a request comes from a trusted source, and functionality that is supposed to be guarded by role‑based ACLs becomes reachable once that origin check is satisfied or sidestepped. An attacker who can present a request with a forged or unexpected origin (for example a spoofed Origin header) therefore reaches privileged operations without holding the role the ACL requires. Given the critical severity assigned to the issue, the consequences extend to code execution, disclosure of sensitive data and modification of configuration, that is, a loss of confidentiality, integrity and availability of the application.
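The pattern behind an origin validation error, as an added illustration that is not Liderahenk's code (the advisory does not say which check the product got wrong): a weak check that treats a missing Origin as trusted, prefix-matches the raw header value and lets a trusted-looking origin bypass the role ACL, next to a hardened check that parses the header, requires an exact allowlist match and always consults the ACL. The trusted origins, roles and operations are constructed for the example.

```python
"""Origin validation done wrong and done right (generic illustration, not Liderahenk code)."""
from typing import Mapping, Optional
from urllib.parse import urlsplit

# Constructed allowlist: write entries exactly as browsers send Origin
# (lowercase scheme://host, no default port, no trailing path).
TRUSTED_ORIGINS = frozenset({
    "https://lider.example.internal",
    "https://console.example.internal",
})

# Constructed role-based ACL: which roles may call which operations.
ROLE_ACL = {
    "admin":    {"update_policy", "run_task", "read_report"},
    "operator": {"run_task", "read_report"},
    "viewer":   {"read_report"},
}


def weak_origin_check(origin: Optional[str]) -> bool:
    """Flawed: a missing Origin is treated as trusted, and the raw string is
    prefix-matched, so 'https://lider.example.internal.attacker.tld' and
    'https://lider.example.internal@attacker.tld' both pass."""
    if origin is None:
        return True
    return any(origin.startswith(trusted) for trusted in TRUSTED_ORIGINS)


def weak_authorize(headers: Mapping[str, str], role: str, operation: str) -> bool:
    """Flawed: a 'trusted' origin short-circuits the role check, so the ACL is
    only enforced for requests that fail the origin check."""
    if weak_origin_check(headers.get("Origin")):
        return True
    return operation in ROLE_ACL.get(role, set())


def strict_origin_check(origin: Optional[str]) -> bool:
    """Hardened: parse the value, require https, reject anything beyond
    scheme://host[:port], and compare the normalised value for exact
    membership in the allowlist. A missing header or the literal 'null'
    origin is rejected."""
    if not origin:
        return False
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.netloc:
        return False
    if parts.path or parts.query or parts.fragment:
        return False
    if "@" in parts.netloc:  # userinfo has no place in an Origin value
        return False
    return f"{parts.scheme}://{parts.netloc.lower()}" in TRUSTED_ORIGINS


def strict_authorize(headers: Mapping[str, str], role: str, operation: str) -> bool:
    """Hardened: origin validation is a precondition (cross-site request
    defence), never a substitute for the role ACL, which is consulted on
    every request."""
    if not strict_origin_check(headers.get("Origin")):
        return False
    return operation in ROLE_ACL.get(role, set())


if __name__ == "__main__":
    # Constructed requests: a low-privileged 'viewer' attempting a privileged operation.
    cases = [
        ({"Origin": "https://lider.example.internal"}, "viewer", "update_policy"),
        ({"Origin": "https://lider.example.internal.attacker.tld"}, "viewer", "update_policy"),
        ({}, "viewer", "update_policy"),
        ({"Origin": "https://lider.example.internal"}, "admin", "update_policy"),
    ]
    for headers, role, op in cases:
        origin = headers.get("Origin")
        print(f"origin={origin!s:48} role={role:8} op={op:14} "
              f"weak={weak_authorize(headers, role, op)!s:5} "
              f"strict={strict_authorize(headers, role, op)}")
```

The point of the split is that the two defences answer different questions: the origin check decides whether a browser-initiated cross-site request should be honoured at all, while the ACL decides whether this principal may perform this operation. Collapsing them, as the weak variant does, turns any bypass of the origin check into a full authorization bypass.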
Affected Systems
The flaw affects Liderahenk versions from 2.0.1 up to, but not including, 2.0.2; 2.0.2 is the first release outside the affected range. Any deployment still running an affected version is exposed, including those in Turkish public‑sector or enterprise environments where the Liderahenk platform is used for endpoint management.
Risk and Exploitability
The CVSS base score is 9.8, which places the vulnerability in the critical range. No EPSS score is available, so the probability of exploitation in the wild cannot be quantified, and the vulnerability is not listed in the CISA KEV catalog. If the score is CVSS v3.x, 9.8 corresponds to the vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: network‑reachable, low attack complexity, no privileges and no user interaction required, with high impact on confidentiality, integrity and availability. That reading is consistent with the nature of the flaw, since origin validation is enforced on HTTP(S) requests and a missing or bypassable check removes a security boundary rather than merely weakening one. Exploitation requires only that an attacker can deliver crafted HTTP requests to a vulnerable instance, so instances exposed to the internet or to an untrusted network are at greatest risk; restricting network access to the management interface reduces exposure until the upgrade is applied.
OpenCVE Enrichment