CRITICAL🇵🇱 Wersja polska

CVE-2026-6508

CVSS 9.8v3.1pub. 2026-05-07

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-346 consists of the lack of proper verification of the source (origin) of requests incoming to the system. An attacker can send network requests that the system incorrectly recognizes as trusted, thereby bypassing defined access control lists (ACL). The attack vector is network-based, does not require authentication or user interaction, making the vulnerability trivial to exploit remotely.

Impact

An attacker can gain unauthorized access to system functions covered by ACL restrictions, which can lead to complete breach of confidentiality, integrity, and availability of resources managed by Liderahenk.

Mitigation & patch

Liderahenk should be updated to version 2.0.2 or newer. Detailed information is available in the security bulletin at: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0181

Who is affected

TUBITAK BILGEM Software Technologies Research Institute Liderahenk in versions from 2.0.1 to (excluding) 2.0.2.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References