CVE-2026-6209
Improper Access Control in HAVELSAN Geographic Tracking System
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| havelsan | geographic_tracking_system | to 0.0.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive geographic tracking functionalities or data, potentially resulting in exposure or manipulation of critical information. Given the high CVSS score (9.1), it poses a serious risk of confidentiality and integrity breaches.
Can you explain this vulnerability to me?
This vulnerability is an Improper Access Control and Missing Authorization issue in HAVELSAN Inc.'s Geographic Tracking System. It allows unauthorized users to access functionality that should be restricted by Access Control Lists (ACLs), meaning certain features or data are accessible without proper permission checks.