CVE-2026-6509 PUBLISHED

Privilege Escalation in TUBITAK BILGEM's Pardus Update

Assigner: TR-CERT
Reserved: 17.04.2026 Published: 05.07.2026 Updated: 05.07.2026

Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation.

This issue affects Pardus Update: from <=0.6.3 before 0.6.6.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.8

Product Status

Vendor TUBITAK BILGEM Software Technologies Research Institute
Product Pardus Update
Versions Default: unaffected
  • affected from <=0.6.3 to 0.6.6 (excl.)

Credits

  • Mehmet DEMİR finder

References

Problem Types

  • CWE-862 Missing Authorization CWE

Impacts

  • CAPEC-233 Privilege Escalation