CVE-2026-6208 PUBLISHED

IDOR in in HAVELSAN's Geographic Tracking System

Assigner: TR-CERT
Reserved: 13.04.2026 Published: 05.06.2026 Updated: 05.06.2026

Authorization bypass through User-Controlled key vulnerability in HAVELSAN Inc. Geographic Tracking System allows Exploitation of Trusted Identifiers.

This issue affects Geographic Tracking System: before v0.0.2.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS Score: 9.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	HAVELSAN Inc.
Product	Geographic Tracking System
Versions	Default: unaffected affected from 0 to v0.0.2 (excl.)

Credits

Raif Berkay DİNÇEL finder

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0325

Problem Types

CWE-639 Authorization bypass through User-Controlled key CWE

Impacts

CAPEC-21 Exploitation of Trusted Identifiers