CVE-2026-6508

Critical

Published: 07 May 2026

Published

07 May 2026

Modified

07 May 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0002 5.6th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2.

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

IA-9 Service Identification and Authentication

addresses: CWE-346

Requires unique identification of the service before communications, addressing failures to validate the origin of the interaction.

SC-11 Trusted Path

addresses: CWE-346

Trusted path establishment enforces validation that the communication originates from and reaches only the intended trusted system components.

SC-20 Secure Name/Address Resolution Service (Authoritative Source)

addresses: CWE-346

Enforces validation of the true origin of DNS responses via signatures and chain-of-trust mechanisms.

SC-21 Secure Name/Address Resolution Service (Recursive or Caching Resolver)

addresses: CWE-346

Enforces origin validation of name/address data, eliminating reliance on unverified or impersonated DNS sources.

SC-23 Session Authenticity

addresses: CWE-346

Mandates origin validation so that only legitimate endpoints can continue the authenticated session.

Security SummaryAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-346

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0181
iletisim@usom.gov.tr