HIGHCVE-2026-5140Published 2026-04-29Modified 2026-05-04CNA TR-CERT

CVE-2026-5140: Authorization Bypass in TUBITAK BILGEM's Pardus Update

Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass. This issue affects Pardus Update: from 0.6.3 before 0.6.4.

CVSS v3.1: 8.8
Severity: HIGH
Fixed in: 0.6.4
Affected Products: 1

Fix available

0.6.4

Affected packages

TUBITAK BILGEM Software Technologies Research Institute / Pardus Update
< 0.6.4 (from 0.6.3)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

usom.gov.tr

Metrics

Fix available