{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2339", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "state": "PUBLISHED", "assignerShortName": "TR-CERT", "dateReserved": "2026-02-11T11:41:37.455Z", "datePublished": "2026-03-10T12:39:12.987Z", "dateUpdated": "2026-03-27T07:28:49.302Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-03-27T07:28:49.302Z"}, "title": "RCE in TUBITAK BILGEM's Liderahenk", "datePublic": "2026-03-10T12:16:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}, {"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}, {"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "affected": [{"vendor": "TUBITAK BILGEM Software Technologies Research Institute", "product": "Liderahenk", "versions": [{"status": "affected", "version": "0", "lessThan": "3.5.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.This issue affects Liderahenk: before 3.5.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.<p>This issue affects Liderahenk: before 3.5.1.</p>"}]}], "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0087", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Edip ALHAZOUR\u0130", "type": "finder"}], "source": {"defect": ["TR-26-0087"], "advisory": "TR-26-0087", "discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T13:33:30.777074Z", "id": "CVE-2026-2339", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T13:33:36.378Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2339", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T13:33:30.777074Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T13:33:33.245Z"}}], "cna": {"title": "RCE in TUBITAK BILGEM's Liderahenk", "source": {"defect": ["TR-26-0087"], "advisory": "TR-26-0087", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Edip ALHAZOUR\u0130"}], "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}, {"capecId": "CAPEC-122", "descriptions": [{"lang": "en", "value": "CAPEC-122 Privilege Abuse"}]}, {"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TUBITAK BILGEM Software Technologies Research Institute", "product": "Liderahenk", "versions": [{"status": "affected", "version": "0", "lessThan": "3.5.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "datePublic": "2026-03-10T12:16:00.000Z", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0087", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.This issue affects Liderahenk: before 3.5.1.", "supportingMedia": [{"type": "text/html", "value": "Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.<p>This issue affects Liderahenk: before 3.5.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "shortName": "TR-CERT", "dateUpdated": "2026-03-27T07:28:49.302Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2339", "state": "PUBLISHED", "dateUpdated": "2026-03-27T07:28:49.302Z", "dateReserved": "2026-02-11T11:41:37.455Z", "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", "datePublished": "2026-03-10T12:39:12.987Z", "assignerShortName": "TR-CERT"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.This issue affects Liderahenk: before 3.5.1."}, {"lang": "es", "value": "Vulnerabilidad por ausencia de autenticaci\u00f3n para funci\u00f3n cr\u00edtica en TUBITAK BILGEM Software Technologies Research Institute Liderahenk permite la inclusi\u00f3n remota de c\u00f3digo, el abuso de privilegios y la inyecci\u00f3n de comandos. Este problema afecta a Liderahenk: versiones anteriores a la v3.4.0."}], "id": "CVE-2026-2339", "lastModified": "2026-04-30T15:51:48.730", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "iletisim@usom.gov.tr", "type": "Secondary"}]}, "published": "2026-03-10T18:18:48.393", "references": [{"source": "iletisim@usom.gov.tr", "url": "https://www.usom.gov.tr/bildirim/tr-26-0087"}], "sourceIdentifier": "iletisim@usom.gov.tr", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "iletisim@usom.gov.tr", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,v3.4.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Liderahenk", "source": "cna", "vendor": "TUBITAK BILGEM Software Technologies Research Institute"}, "product": "liderahenk", "vendor": "tubitak_bilgem_software_technologies_research_institute"}], "analysis": {"en": {"generated_at": "2026-04-16T03:53:47.152597+00:00", "value": {"mitigation_remediation": ["Upgrade Liderahenk to version 3.5.1 or later, which implements the required authentication check.", "If an upgrade is not immediately possible, restrict access to the affected service by disabling the vulnerable function or enforcing authentication on the API endpoint through configuration.", "Apply network segmentation and firewall rules to limit exposure of the Liderahenk instance to trusted networks only."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is Liderahenk, produced by the TUBITAK BILGEM Software Technologies Research Institute. All versions earlier than 3.5.1 are vulnerable; newer releases contain the fix.", "description_and_impact": "The vulnerability is caused by a missing authentication check on a critical function in the Liderahenk application. This flaw allows an attacker to perform command injection and include arbitrary code, enabling remote code execution with the privileges of the service. The weakness is classified as CWE\u2011306, reflecting the lack of proper authentication controls.", "risk_and_exploitability": "The CVSS score is 7.5, indicating a high severity. The EPSS score is less than 1%, suggesting a low current exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. Attackers can likely exploit the flaw remotely over the network by sending a crafted request to the unauthenticated endpoint. While the likelihood of exploitation is low, the potential impact of arbitrary code execution warrants urgent attention."}}}}, "created": "2026-03-11T11:50:10.868595+00:00", "updated": "2026-04-16T04:00:09.447876+00:00", "vendors": ["tubitak_bilgem_software_technologies_research_institute", "tubitak_bilgem_software_technologies_research_institute$PRODUCT$liderahenk"]}