CVE-2026-7399
Received
Received - Intake
Authorization Bypass in MeWare PDKS via User-Controlled Key
Publication date: 2026-04-30
Last updated on: 2026-04-30
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse.
This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| me_ware_software_development_inc | pdks | From 16.20200313 (inc) to VMYR_3.5.2025117 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authorization bypass issue in MeWare Software Development Inc.'s PDKS software. It occurs due to a user-controlled key that allows an attacker to abuse privileges within the system.
How can this vulnerability impact me? :
The vulnerability can lead to privilege abuse, meaning an attacker with some level of access could escalate their privileges or bypass authorization controls, potentially gaining unauthorized access to sensitive information or functions.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70