CVE-2026-5161

High · Updated

Published: 29 April 2026

Modified: 06 June 2026
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0033 (24.5th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-5161 is a high-severity Link Following (CWE-59) vulnerability in Pardus About, from TUBITAK BILGEM Software Technologies Research Institute (asset category Gov, inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 24.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-5161 is an improper link resolution before file access vulnerability, commonly known as 'link following', in the Pardus About application from TUBITAK BILGEM Software Technologies Research Institute. This flaw enables symlink attacks and affects Pardus About versions prior to v1.2.1. Published on 2026-04-29, it is associated with CWE-59 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

The vulnerability can be exploited remotely, with low attack complexity and without any privileges, but user interaction is necessary, such as clicking a malicious link or opening a crafted file. Successful exploitation has high impact on confidentiality (unauthorized access to sensitive data), integrity (modification of files or system integrity) and availability (disruption of services), typically because the application follows symbolic links to arbitrary locations on the filesystem.

The Turkish National Cyber Incident Response Center (USOM) advisory at https://www.usom.gov.tr/bildirim/tr-26-0131 provides further details on the issue. Affected systems should upgrade to Pardus About v1.2.1 or later to mitigate the vulnerability.

Vulnerability details

Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before 1.2.2.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1005 Data from Local System (tactic: Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1565.001 Stored Data Manipulation (tactic: Impact)
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

T1485 Data Destruction (tactic: Impact)
Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.

Why these techniques?

The symlink following vulnerability directly enables unauthorized access to arbitrary local files (T1005), modification of stored data (T1565.001), and data destruction/disruption (T1485) when a user opens a crafted file or link.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-40931 (shared CWE-59)
CVE-2026-32054 (shared CWE-59)
CVE-2026-41882 (shared CWE-59)
CVE-2026-48921 (shared CWE-59)
CVE-2025-1683 (shared CWE-59)
CVE-2026-35349 (shared CWE-59)
CVE-2026-9804 (shared CWE-59)
CVE-2025-24103 (shared CWE-59)
CVE-2026-32024 (shared CWE-59)
CVE-2025-15314 (shared CWE-59)

Affected Assets

Gov (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly remediates the improper link resolution vulnerability by requiring timely installation of the vendor patch for Pardus About versions prior to 1.2.2.

Prevent: Limits the Pardus About application's privileges to essential files and directories, mitigating symlink attacks by blocking access to sensitive targets.

Prevent: Requires validation of file paths and links before access in Pardus About, addressing the improper resolution that enables symlink exploitation.
