CVE-2026-6508
Origin Validation Error in Liderahenk Allows ACL Bypass
Publication date: 2026-05-07
Last updated on: 2026-05-07
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tubitak_bilgem_software_technologies_research_institute | liderahenk | From 2.0.1 (inc) to 2.0.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Origin Validation Error in the Liderahenk software developed by TUBITAK BILGEM Software Technologies Research Institute. It allows unauthorized access to functionality that is not properly restricted by Access Control Lists (ACLs). Essentially, this means that certain functions within the software can be accessed without the proper permissions due to incorrect validation of the origin of requests.
How can this vulnerability impact me? :
The vulnerability has a high severity with a CVSS base score of 9.8, indicating it can have a critical impact. It allows attackers to access and potentially manipulate sensitive functions without authorization, leading to full confidentiality, integrity, and availability compromise. This means attackers could steal, alter, or destroy data and disrupt services.