CVE-2026-14460 PUBLISHED

Missing Authorization in TUBITAK BILGEM's pardus-software

Assigner: TR-CERT
Reserved: 02.07.2026 Published: 03.07.2026 Updated: 03.07.2026

Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.

This issue affects pardus-software: from <= 1.0.4 before 1.0.5.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 8.8

Product Status

Vendor TUBITAK BILGEM Software Technologies Research Institute
Product pardus-software
Versions Default: unaffected
  • affected from <= 1.0.4 to 1.0.5 (excl.)

Credits

  • Kerem Kaan DASMAZ finder

References

Problem Types

  • CWE-862 Missing Authorization CWE

Impacts

  • CAPEC-6 Argument Injection