Auth bypass in Tubitak Bilgem Software Technologies Research Institute Liderahenk
CVE-2026-2339
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.This issue affects Liderahenk: before 3.5.1.
Vulnerability class: Broken Authentication
EPSS: 0.002 (43.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
Weakness classification (CWE)
References
- iletisim@usom.gov.tr (third-party-advisory)
Frequently asked questions
- What is CVE-2026-2339?
- CVE-2026-2339 is a high-severity vulnerability in Tubitak Bilgem Software Technologies Research Institute Liderahenk, classified under Missing Authentication for Critical Function. CVSS score: 7.5/10. Published 2026-03-10.
- How severe is CVE-2026-2339?
- High severity. CVSS v3 base score is 7.5 out of 10.