CRITICAL🇵🇱 Wersja polska

CVE-2026-6853

CVSS 9.8v3.1pub. 2026-06-12

Improper restriction of excessive authentication attempts vulnerability in Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co. Pause+ Mobile App allows Authentication Bypass. This issue affects Pause+ Mobile App: from v1.0.6 before v1.5.

🤖 AI Analysis
How it works

The error classified as CWE-307 involves the lack of proper restriction on excessive authentication attempts (Improper Restriction of Excessive Authentication Attempts). Attackers can repeatedly send login requests without account lockout, time limits, or CAPTCHA mechanisms, enabling brute-force or credential stuffing attacks. As a result, it is possible to guess or bypass credentials and gain unauthorized access to a user account.

Impact

Attackers can gain unauthorized access to user accounts in the application, leading to violations of confidentiality, integrity, and data availability. Full account compromise is possible without any interaction from the victim.

Mitigation & patch

Update the Pause+ Mobile App to version v1.5 or newer. Detailed information is available in the manufacturer's security bulletin at: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0368

Who is affected

Pause+ Mobile App versions from v1.0.6 to (not including) v1.5 — manufacturer: Başbelen Group Food Cafe Businesses Industry and Trade Ltd. Co.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References