
CVE-2026-7399

Severity: High
Published: 30 April 2026
Modified: 30 April 2026
KEV Added: not listed
Patch: VMYR_3.5.2025117 or later (first unaffected version per the NVD description)
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0001 (1.6th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-7399 is a high-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in MeWare Software Development Inc. PDKS. Its CVSS v3.1 base score is 8.1 (High).

Operationally, exploitation maps to the MITRE ATT&CK techniques Exploitation for Privilege Escalation (T1068) and Exploit Public-Facing Application (T1190). EPSS ranks it at the 1.6th percentile by exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog. Note that EPSS reflects observed exploitation activity; for an application-specific authorization bypass that needs only a valid low-privileged account and a changed identifier, the absence of observed exploitation is weak evidence of safety and should not by itself defer patching.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation), applied alongside the vendor fix.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and Exploit Public-Facing Application (T1190). What defenders deploy: the NIST 800-53 controls listed below, with the vendor fix first.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): directly remediates the authorization bypass in PDKS by identifying, reporting, and applying the vendor fix; affected installations should move to VMYR_3.5.2025117 or later.

AC-3 Access Enforcement (prevent): enforces approved authorizations on every object access, so a user-supplied key cannot by itself select a record the caller is not entitled to. This is the control that actually closes CWE-639.

SI-10 Information Input Validation (prevent): validates user-controlled inputs such as the key at issue here. On its own it does not stop a well-formed identifier that happens to belong to another user, so it complements rather than replaces AC-3.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (Privilege Escalation): adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

A CWE-639 authorization bypass in network-reachable software lets an attacker who already holds a low-privileged account (PR:L) read and modify other users' data, which is T1068 (Exploitation for Privilege Escalation). Where PDKS is exposed to the Internet the same request path also serves as T1190 (Exploit Public-Facing Application), although the PR:L requirement means the attacker must first hold or obtain valid credentials.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
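Because the exploit is an ordinary-looking authenticated request carrying a different identifier, it rarely trips signature-based controls. The Python heuristic below is an added example, not from the page or from PDKS, showing what a defender can do with plain access logs: flag any (user, session) pair that touches more distinct object ids on one endpoint than legitimate use warrants, and record how many of those requests succeeded, were denied, or were writes. The log lines, the `/api/records/<id>` path and the threshold are constructed assumptions for the example.

```python
"""Added detection heuristic for CWE-639 style key enumeration in access
logs. Not PDKS code; the endpoint shape and sample lines are invented."""
import re
from collections import defaultdict

# Constructed sample log (Common Log Format plus a trailing session field).
# Bob walks consecutive record ids, gets one 403, and manages a PUT.
SAMPLE_LOG = """\
10.0.0.5 - alice [30/Apr/2026:08:00:01 +0300] "GET /api/records/101 HTTP/1.1" 200 512 sess=A1
10.0.0.5 - alice [30/Apr/2026:08:00:05 +0300] "GET /api/records/101 HTTP/1.1" 200 512 sess=A1
10.0.0.9 - bob [30/Apr/2026:08:01:00 +0300] "GET /api/records/102 HTTP/1.1" 200 498 sess=B7
10.0.0.9 - bob [30/Apr/2026:08:01:02 +0300] "GET /api/records/103 HTTP/1.1" 200 501 sess=B7
10.0.0.9 - bob [30/Apr/2026:08:01:03 +0300] "GET /api/records/104 HTTP/1.1" 200 503 sess=B7
10.0.0.9 - bob [30/Apr/2026:08:01:04 +0300] "GET /api/records/105 HTTP/1.1" 200 499 sess=B7
10.0.0.9 - bob [30/Apr/2026:08:01:05 +0300] "GET /api/records/106 HTTP/1.1" 403 87 sess=B7
10.0.0.9 - bob [30/Apr/2026:08:01:06 +0300] "PUT /api/records/107 HTTP/1.1" 200 44 sess=B7
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+ sess=(?P<sess>\S+)$'
)
# The numeric path segment is the user-controlled key under suspicion
# (hypothetical endpoint; substitute the real template for the application).
OBJECT_RE = re.compile(r"^/api/records/(?P<id>\d+)$")


def parse_log(text):
    """Return one event dict per line that matches the format and endpoint."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        o = OBJECT_RE.match(m["path"])
        if not o:
            continue  # not the endpoint we are watching
        events.append({
            "user": m["user"], "sess": m["sess"], "method": m["method"],
            "id": int(o["id"]), "status": int(m["status"]),
        })
    return events


def find_key_enumeration(events, max_distinct_ids=3):
    """Group by (user, session) and flag groups that touched more distinct
    object ids than the threshold. 2xx responses count as successes, 401/403
    as denials (the control held, but the probing is still visible), and
    successful PUT/POST/PATCH/DELETE as writes, which is the I:H side."""
    seen = defaultdict(lambda: {"ids": set(), "ok": 0, "denied": 0, "writes": 0})
    for e in events:
        s = seen[(e["user"], e["sess"])]
        s["ids"].add(e["id"])
        if 200 <= e["status"] < 300:
            s["ok"] += 1
            if e["method"] in ("PUT", "POST", "PATCH", "DELETE"):
                s["writes"] += 1
        elif e["status"] in (401, 403):
            s["denied"] += 1
    alerts = []
    for (user, sess), s in seen.items():
        if len(s["ids"]) > max_distinct_ids:
            alerts.append({
                "user": user, "sess": sess, "distinct_ids": len(s["ids"]),
                "successes": s["ok"], "denied": s["denied"], "writes": s["writes"],
            })
    return sorted(alerts, key=lambda a: -a["distinct_ids"])


if __name__ == "__main__":
    for alert in find_key_enumeration(parse_log(SAMPLE_LOG)):
        print(alert)
```

The threshold must be tuned per endpoint: a supervisor view that legitimately lists many records needs a higher bound or a role-aware exemption, otherwise the rule is all noise. Successful writes to ids the caller never touched before are the highest-value alerts and should be triaged first.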

NVD Description

Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.

Deeper analysis

CVE-2026-7399 is an authorization bypass caused by a user-controlled key (CWE-639) in MeWare Software Development Inc.'s PDKS, enabling privilege abuse. It affects PDKS versions from V16.20200313 up to but excluding VMYR_3.5.2025117. Published on 2026-04-30, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

A low-privileged remote attacker (PR:L) can exploit this over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). In the CWE-639 pattern the application resolves a record, account or file from an identifier taken directly from the request and never checks that the caller is entitled to that object, so changing the identifier is enough to read (C:H) or modify (I:H) other users' data; availability is not affected (A:N) and there is no scope change (S:U). The NVD description does not name the vulnerable parameter or endpoint, so defenders should not assume the flaw is confined to one identifier; every place PDKS turns a caller-supplied key into an object lookup is a candidate until the fixed version is deployed.

The primary advisory reference is the USOM (Turkey's national CERT) notice at https://www.usom.gov.tr/bildirim/tr-26-0141, which provides further details on the vulnerability.
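The CWE-639 pattern described above and the AC-3 / SI-10 controls recommended earlier, as one added Python illustration that is not PDKS code and assumes nothing about how PDKS is built: a record lookup that trusts the caller's id (the vulnerable shape) beside one that scopes the lookup to the authenticated principal (AC-3 style enforcement) and only accepts a canonical positive integer as the key (SI-10 style validation). The record store, the `Principal` type and the `supervisor` role are constructed for the example.

```python
"""Added example of CWE-639 (authorization bypass through a user-controlled
key) and its fix. Hypothetical code; not from PDKS or its vendor."""
import re
from dataclasses import dataclass

# Constructed sample data: attendance records keyed by record id.
RECORDS = {
    101: {"owner": "alice", "clock_in": "08:02", "clock_out": "17:31"},
    102: {"owner": "bob", "clock_in": "09:15", "clock_out": "18:04"},
}


class BadRequest(Exception):
    """The supplied key failed SI-10 style validation."""


class Forbidden(Exception):
    """AC-3 style enforcement denied the access."""


@dataclass(frozen=True)
class Principal:
    """The authenticated caller (hypothetical). PR:L means any valid login."""
    user: str
    roles: frozenset = frozenset()


def get_record_vulnerable(principal, record_id_param):
    """CWE-639 shape: the request's record id is the lookup key and the
    caller's identity is never compared with the record's owner, so any
    authenticated user reads any record just by changing the id."""
    record = RECORDS.get(int(record_id_param))
    if record is None:
        raise KeyError(record_id_param)
    return record


# Canonical positive decimal: no leading zeros, sign, whitespace or non-ASCII digits.
_ID_RE = re.compile(r"[1-9][0-9]*")


def parse_record_id(raw):
    """SI-10: reject anything that is not a canonical positive integer before
    it reaches the data layer."""
    if not isinstance(raw, str) or not _ID_RE.fullmatch(raw):
        raise BadRequest(f"invalid record id: {raw!r}")
    return int(raw)


def get_record_hardened(principal, record_id_param):
    """AC-3: the lookup is scoped to the principal. A user-controlled key can
    only select records the caller owns, unless the caller holds the
    (hypothetical) supervisor role. 'Not found' and 'not yours' collapse into
    the same error so the endpoint cannot be used to enumerate valid ids."""
    record_id = parse_record_id(record_id_param)
    record = RECORDS.get(record_id)
    allowed = record is not None and (
        record["owner"] == principal.user or "supervisor" in principal.roles
    )
    if not allowed:
        raise Forbidden(record_id)
    return record


def update_clock_out_hardened(principal, record_id_param, new_value):
    """Writes go through the same check; this is what closes the I:H side."""
    record = get_record_hardened(principal, record_id_param)
    record["clock_out"] = new_value
    return record


if __name__ == "__main__":
    bob = Principal("bob")
    print("vulnerable:", get_record_vulnerable(bob, "101"))  # alice's record
    try:
        get_record_hardened(bob, "101")
    except Forbidden as exc:
        print("hardened: denied", exc)
```

The essential change is that the owner check sits in the same function as the lookup, so no caller can reach the data without it; putting the check in individual controllers is how CWE-639 bugs reappear when a new endpoint is added. Returning one error for "missing" and "not yours" is a deliberate choice that trades a slightly less helpful message for resistance to id enumeration.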

Details

CWE(s)

CWE-639 Authorization Bypass Through User-Controlled Key

Affected Products

MeWare Software Development Inc. PDKS, versions from V16.20200313 before VMYR_3.5.2025117
Taken from the NVD description; NVD did not file a CPE for this CVE, so CPE-based scanners will not match this product and inventories must be checked by product name and version.

CVEs Like This One

CVE-2026-25147 (shared CWE-639)
CVE-2025-67165 (shared CWE-639)
CVE-2026-25497 (shared CWE-639)
CVE-2026-24178 (shared CWE-639)
CVE-2026-1619 (shared CWE-639)
CVE-2025-15018 (shared CWE-639)
CVE-2025-7347 (shared CWE-639)
CVE-2026-2414 (shared CWE-639)
CVE-2025-14996 (shared CWE-639)
CVE-2025-69274 (shared CWE-639)

References

https://www.usom.gov.tr/bildirim/tr-26-0141 (USOM advisory)