CVE-2026-5141
Published: 29 April 2026
Summary
CVE-2026-5141 is a high-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Gov (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 12.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
AC-6 enforces least privilege, directly countering the improper privilege management and incorrect privilege assignment that enable hijacking of the privileged process in Pardus Software Center.
AC-3 mandates enforcement of access control policies, addressing the improper access control vulnerability allowing unauthenticated attackers to hijack the privileged process via user interaction.
SI-2 requires timely flaw remediation, such as patching Pardus Software Center to version 1.0.3 or later, to eliminate the specific vulnerability enabling privileged process hijacking.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is an improper privilege management and access control issue that directly enables hijacking of a privileged process, which maps to exploitation for privilege escalation.
NVD Description
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: from 1.0.2 before 1.0.3.
Deeper analysisAI
CVE-2026-5141 is an Improper Privilege Management, Improper Access Control, and Incorrect Privilege Assignment vulnerability in the Pardus Software Center developed by TUBITAK BILGEM Software Technologies Research Institute. It enables hijacking of a privileged process. The issue affects Pardus Software Center versions from 1.0.2 before 1.0.3 and has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), with associated CWEs 266, 269, and 284. The vulnerability was published on 2026-04-29.
An unauthenticated attacker accessible over the network can exploit this vulnerability with low complexity by tricking a user into performing an action, such as clicking a malicious link or opening a file. Successful exploitation allows the attacker to hijack a privileged process, resulting in high-impact confidentiality, integrity, and availability violations on the affected system.
Mitigation requires updating Pardus Software Center to version 1.0.3 or later, as versions from 1.0.2 prior to this release are vulnerable. Additional details are available in the advisory at https://www.usom.gov.tr/bildirim/tr-26-0131.
Details
- CWE(s)