HIGHCVE-2026-1618Published 2026-02-13Modified 2026-02-13CNA TR-CERT

CVE-2026-1618: Admin Account Takeover in Universal Sotware's FlexCity/Kiosk

Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

CVSS v3.1: 8.8
Severity: HIGH
Fixed in: 1.0.36
Affected Products: 1

Fix available

1.0.36

Affected packages

Universal Software Inc. / FlexCity/Kiosk
< 1.0.36 (from 1.0)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

usom.gov.tr

Metrics

Fix available