CVE-2026-5161
Symlink Attack in Pardus About
Publication date: 2026-04-29
Last updated on: 2026-05-04
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
CVSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tubitak_bilgem | pardus_about | up to 1.2.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper link resolution issue before file access, also known as a 'link following' vulnerability, in the Pardus About software developed by TUBITAK BILGEM Software Technologies Research Institute. It allows a Symlink Attack, where an attacker can exploit symbolic links to access or manipulate files improperly.
How can this vulnerability impact me?
The vulnerability can have a significant impact as it allows attackers to perform Symlink Attacks, potentially leading to unauthorized access, modification, or deletion of files. Given the CVSS score of 8.8 with high impact on confidentiality, integrity, and availability, this could result in severe data breaches or system compromise.
Can you explain this vulnerability to me?
This vulnerability is an improper link resolution issue before file access, also known as a 'link following' vulnerability, in the Pardus About software developed by TUBITAK BILGEM Software Technologies Research Institute. It allows an attacker to perform a Symlink Attack, which means the software incorrectly handles symbolic links before accessing files.
How can this vulnerability impact me?
The vulnerability can have a significant impact as it allows an attacker to exploit symbolic links to potentially access, modify, or delete files that the software interacts with. Given the CVSS score of 8.8 with high confidentiality, integrity, and availability impacts, this could lead to unauthorized data access, data corruption, or denial of service.