CVE-2026-1815 PUBLISHED

Session Hijacking in TEİAŞ's Mobile Application

Assigner: TR-CERT
Reserved: 03.02.2026 Published: 21.05.2026 Updated: 21.05.2026

Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Session Hijacking.

This issue affects Mobile Application: from 1.6.2 before 1.13.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVSS Score: 5.7

Product Status

Vendor Turkiye Electricity Transmission Corporation (TEİAŞ)
Product Mobile Application
Versions Default: unaffected
  • affected from 1.6.2 to 1.13 (excl.)

Credits

  • Metin ÖGTEM finder

References

Problem Types

  • CWE-613 Insufficient session expiration CWE

Impacts

  • CAPEC-593 Session Hijacking