Cyber Resilience

CVE-2026-2339

HighUpdated

Published: 10 March 2026

Published
10 March 2026
Modified
06 June 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0030 54.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-2339 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Gov (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-2339 is a Missing Authentication for Critical Function vulnerability, classified under CWE-306, in the Liderahenk software developed by TUBITAK BILGEM Software Technologies Research Institute. This flaw affects Liderahenk versions prior to 3.5.1 and enables remote code inclusion, privilege abuse, and command injection when authentication is bypassed for critical functions.

The vulnerability carries a CVSS v3.1 base score of 7.5 (High), with vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. Remote attackers require no privileges but must overcome high attack complexity and rely on user interaction to exploit it over the network. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, potentially allowing arbitrary code execution and privilege escalation.

The advisory published by USOM on March 10, 2026, provides further details at https://www.usom.gov.tr/bildirim/tr-26-0087. Upgrading to Liderahenk version 3.5.1 resolves the issue for affected systems.

EU & UK References

Vulnerability details

Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection. This issue affects Liderahenk: before 3.5.1.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Missing auth (CWE-306) on critical functions directly enables remote exploitation of a public-facing app (T1190) for command injection (T1059) and privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-25192Shared CWE-306
CVE-2026-27767Shared CWE-306
CVE-2026-25848Shared CWE-306
CVE-2025-59246Shared CWE-306
CVE-2026-26055Shared CWE-306
CVE-2025-62586Shared CWE-306
CVE-2026-29796Shared CWE-306
CVE-2026-26125Shared CWE-306
CVE-2026-27772Shared CWE-306
CVE-2026-2417Shared CWE-306

Affected Assets

Gov
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses missing authentication for critical functions by requiring identification, documentation, and restriction of permitted actions without identification or authentication.

prevent

Enforces approved authorizations for logical access to critical functions, preventing exploitation via remote code inclusion, privilege abuse, and command injection.

prevent

Remediates the specific flaw in Liderahenk versions prior to 3.5.1 through timely patching to the fixed version 3.5.1.

References