CVE-2026-5161

High

Published: 29 April 2026

Published

29 April 2026

Modified

04 May 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0005 15.4th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-5161 is a high-severity Link Following (CWE-59) vulnerability in Gov (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 15.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the improper link resolution vulnerability by requiring timely installation of the vendor patch for Pardus About versions prior to 1.2.2.

AC-6 Least Privilege partial match

prevent

Limits the Pardus About application's privileges to essential files and directories, mitigating symlink attacks by blocking access to sensitive targets.

SI-10 Information Input Validation partial match

prevent

Requires validation of file paths and links before access in Pardus About, addressing the improper resolution that enables symlink exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1565.001 Stored Data Manipulation Impact

Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

attack.mitre.org →

T1485 Data Destruction Impact

Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.

attack.mitre.org →

Why these techniques?

The symlink following vulnerability directly enables unauthorized access to arbitrary local files (T1005), modification of stored data (T1565.001), and data destruction/disruption (T1485) when a user opens a crafted file or link.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2.

Deeper analysisAI

CVE-2026-5161 is an improper link resolution before file access vulnerability, commonly known as 'link following', in the Pardus About application from TUBITAK BILGEM Software Technologies Research Institute. This flaw enables symlink attacks and affects Pardus About versions prior to v1.2.1. Published on 2026-04-29, it is associated with CWE-59 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A remote attacker requires no privileges and low complexity to exploit this vulnerability, but user interaction is necessary, such as clicking a malicious link or opening a crafted file. Successful exploitation allows high-impact consequences, including unauthorized access to sensitive data (confidentiality), modification of files or system integrity (integrity), and disruption of services (availability), typically by following symbolic links to arbitrary locations on the filesystem.

The Turkish National Cyber Incident Response Center (USOM) advisory at https://www.usom.gov.tr/bildirim/tr-26-0131 provides further details on the issue. Affected systems should upgrade to Pardus About v1.2.1 or later to mitigate the vulnerability.