CVE-2026-9085 PUBLISHED

DNS Hijacking in TUBITAK BILGEM's Pardus-Parental-Control

Assigner: TR-CERT
Reserved: 20.05.2026 Published: 05.07.2026 Updated: 05.07.2026

Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing.

This issue affects Pardus-Parental-Control: from <=0.5.1 before 0.7.0.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 8.8

Product Status

Vendor TUBITAK BILGEM Software Technologies Research Institute
Product Pardus-Parental-Control
Versions Default: unaffected
  • affected from <=0.5.1 to 0.7.0 (excl.)

Credits

  • Mehmet DEMİR finder

References

Problem Types

  • CWE-732 Incorrect Permission Assignment for Critical Resource CWE
  • CWE-284 Improper Access Control CWE

Impacts

  • CAPEC-598 DNS Spoofing