CVE-2026-4104

Deferred Deferred - Pending Action

Authorization Bypass via SQL Injection in TeknoPass

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: Computer Emergency Response Team of the Republic of Turkey

Description

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-04

Last Modified

2026-06-04

Generated

2026-06-24

AI Q&A

2026-06-04

EPSS Evaluated

2026-06-23

NVD

CVE-2026-4104

EUVD

EUVD-2026-34243

Affected Vendors & Products

Vendor	Product	Version / Range
akmer_informatics_automation_industry_and_trade_ltd_co	teknopass	From 20210501 (inc) to 20260429 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

Executive Summary

This vulnerability is an authorization bypass caused by a user-controlled SQL primary key in the TeknoPass software by Akmer Informatics Automation Industry and Trade Ltd. Co. It allows an attacker to perform SQL Injection attacks.

Impact Analysis

Exploitation of this vulnerability can lead to severe impacts including unauthorized access to data, data modification, and disruption of service. The CVSS score of 9.8 indicates a critical severity with high impact on confidentiality, integrity, and availability.

Hi! I’m here to help you understand CVE-2026-4104. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-4104

Authorization Bypass via SQL Injection in TeknoPass

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart