PT-2026-35920 · Tubitak Bilgem · Pardus
Çağrı Eser
·
Published
2026-04-29
·
Updated
2026-06-08
·
CVE-2026-5140
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Pardus versions 0.6.4 through 0.7.x
Description
Improper neutralization of CRLF sequences, also known as CRLF injection, in TUBITAK BILGEM Software Technologies Research Institute Pardus allows for Authentication Bypass. CRLF injection occurs when an application fails to filter carriage return (CR) and line feed (LF) characters, allowing an attacker to inject new lines into HTTP headers.
Recommendations
Update to version 0.8.0.
Fix
LPE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pardus