Description
Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation.

This issue affects Pardus Update: from <=0.6.3 before 0.6.6.
Published: 2026-07-05
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows an attacker to perform privileged functions within Pardus Update, potentially leading to higher privilege levels on the affected system. This lack of proper access control enables an attacker to elevate privileges, thereby compromising confidentiality, integrity, or availability if privileged actions are applied to critical system components. The weakness falls under CWE-862, indicating that the software does not correctly enforce authorization checks.

Affected Systems

The issue impacts the TUBITAK BILGEM Software Technologies Research Institute Pardus Update product. Versions affected include those up to and including 0.6.3, as well as any releases prior to 0.6.6. The exact boundary of affected releases is not fully specified, but all versions at or before 0.6.5 are likely vulnerable.

Risk and Exploitability

The CVSS base score of 7.8 demonstrates a high degree of risk. With no EPSS score, the current exploitation probability is unknown, and the vulnerability is not listed in CISA's KEV catalog. Based on the description, the vulnerability requires access that can trigger update operations; the attack vector is inferred to be either local or remote depending on how the update service is exposed. If the update process is accessible to unauthenticated or low-privilege users, the attacker can simply invoke privileged functions to raise their permissions. Because the flaw is an authorization bypass, a successful exploitation grants the attacker the same rights as the update process, potentially leading to system compromise.

Generated by OpenCVE AI on July 5, 2026 at 23:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a patched version of Pardus Update 0.6.6 or newer that resolves the authorization check.
  • Restrict access to the update mechanism by enforcing authentication and limiting user privileges on the update service process.
  • Monitor system logs for unauthorized update activity and conduct regular security reviews to ensure that patching procedures have been followed.

Generated by OpenCVE AI on July 5, 2026 at 23:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 05 Jul 2026 15:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation. This issue affects Pardus Update: from <=0.6.3 before 0.6.6.
Title Privilege Escalation in TUBITAK BILGEM's Pardus Update
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-07-05T14:48:43.725Z

Reserved: 2026-04-17T11:33:53.261Z

Link: CVE-2026-6509

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-05T23:45:04Z

Weaknesses