CVE-2026-6508— RCE in TUBITAK BILGEM's Liderahenk
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6508
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
RCE in TUBITAK BILGEM's Liderahenk
Source: NVD (National Vulnerability Database)
Vulnerability Description
Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
源验证错误
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tubitak Ulakbim LiderAhenk Software 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tubitak Ulakbim LiderAhenk Software是土耳其国家学术网络和知识中心(Tubitak Ulakbim)公司的一个开源软件系统。用于对企业网络上的系统和用户进行集中管理、监控和控制。 Tubitak Ulakbim LiderAhenk Software 2.0.1版本至2.0.2之前版本存在访问控制错误漏洞,该漏洞源于来源验证错误,可能导致访问未受ACL适当约束的功能。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Liderahenk | 2.0.1 ~ 2.0.2 | - |
II. Public POCs for CVE-2026-6508
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-6508
请登录查看更多情报信息。
- https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0181government-resource
- https://nvd.nist.gov/vuln/detail/CVE-2026-6508
IV. Related Vulnerabilities
- CVE-2026-6849
OS Command Injection in TUBITAK BILGEM's Pardus OS My Comput - CVE-2026-5166
Path Traversal in TUBITAK BILGEM's Pardus Software Center - CVE-2026-5161
Improper Authentication in TUBITAK BILGEM's Pardus About - CVE-2026-5141
Improper Access Control in TUBITAK BILGEM's Pardus Software - CVE-2026-5140
Authorization Bypass in TUBITAK BILGEM's Pardus Update
Same weakness: CWE-346
- CVE-2026-43870
Apache Thrift: Node.js web_server.js multi-vulnerability - CVE-2026-7439
AgentFlow Local Web API Content-Type Validation Bypass - CVE-2026-41398
OpenClaw - Unauthorized Agent Request Dispatch via Untrusted - CVE-2026-41393
OpenClaw < 2026.3.31 - Arbitrary DNS Authority Acceptance an - CVE-2026-41376
OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypas
V. Comments for CVE-2026-6508
No comments yet