CVE-2026-1815
Deferred
Deferred - Pending Action
Insufficient Session Expiration in TEİAŞ Mobile App Enables Session Hijacking
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Session Hijacking.
This issue affects Mobile Application: from 1.6.2 before 1.13.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| teias | mobile_application | From 1.6.2 (inc) to 1.13 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-613 | According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization." |
