CVE-2026-7399 PUBLISHED

IDOR in MeWare Software's PDKS

Assigner: TR-CERT
Reserved: 29.04.2026 Published: 30.04.2026 Updated: 30.04.2026

Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse.

This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS Score: 8.1

Product Status

Vendor MeWare Software Development Inc.
Product PDKS
Versions Default: unaffected
  • affected from V16.20200313 to VMYR_3.5.2025117 (excl.)

Credits

  • Berat AKŞİT finder

References

Problem Types

  • CWE-639 Authorization bypass through User-Controlled key CWE

Impacts

  • CAPEC-122 Privilege Abuse