CVE-2026-5140
Deferred
Deferred - Pending Action
CRLF Injection in Pardus Allows Authentication Bypass
Vulnerability report for CVE-2026-5140, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-29
Last updated on: 2026-06-06
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass.
This issue affects Pardus Update: from 0.6.3 before 0.6.4.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tubitak_bilgem | pardus | From 0.6.4 (inc) to 0.8.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-93 | The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. |