CVE-2026-5161
Deferred Deferred - Pending Action
Symlink Attack in Pardus About

Publication date: 2026-04-29

Last updated on: 2026-06-06

Assigner: Computer Emergency Response Team of the Republic of Turkey

Description
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-29
Last Modified
2026-06-06
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5161
EUVD
EUVD-2026-26236
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
tubitak_bilgem pardus_about to 1.2.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an improper link resolution issue before file access, also known as a 'link following' vulnerability, in the Pardus About software developed by TUBITAK BILGEM Software Technologies Research Institute. It allows an attacker to perform a Symlink Attack, which means the software incorrectly handles symbolic links before accessing files.

Impact Analysis

The vulnerability can have a significant impact as it allows an attacker to exploit symbolic links to potentially access, modify, or delete files that the software interacts with. Given the CVSS score of 8.8 with high confidentiality, integrity, and availability impacts, this could lead to unauthorized data access, data corruption, or denial of service.

Executive Summary

This vulnerability is an improper link resolution issue before file access, also known as a 'link following' vulnerability, in the Pardus About software developed by TUBITAK BILGEM Software Technologies Research Institute. It allows a Symlink Attack, where an attacker can exploit symbolic links to access or manipulate files improperly.

Impact Analysis

The vulnerability can have a significant impact as it allows attackers to perform Symlink Attacks, potentially leading to unauthorized access, modification, or deletion of files. Given the CVSS score of 8.8 with high impact on confidentiality, integrity, and availability, this could result in severe data breaches or system compromise.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5161. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart