BAPSİS CVE-2026-6001

EUVD-2026-29442 | HIGH | CVSS 3.1: 8.8
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-05-12 | TR-CERT | GHSA-q4cr-cjq5-h3m4

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: May 12, 2026 - 10:31 (vuln.today)
CVE Published: May 12, 2026 - 09:53 (nvd), HIGH 8.8

Description (NVD)

Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers.

This issue affects BAPSİS: before v.202604152042.

Analysis (AI)

An authorization bypass in the BAPSİS web application lets unauthenticated remote attackers exploit trusted identifiers through user-controlled keys when a victim interacts with a crafted request. ABIS Technology's BAPSİS platform (versions before v.202604152042) contains a CWE-639 flaw in which authorization checks rely on client-controlled key values, allowing attackers to manipulate trust relationships and gain unauthorized access, with high impact on confidentiality, integrity, and availability. …

Remediation (AI)

Within 24 hours: Inventory all BAPSİS installations and document their current versions; contact ABIS Technology support for a patch availability timeline.

Within 7 days: If a patch has been released, test it in a non-production environment and plan deployment; if no patch is available, implement network segmentation to restrict BAPSİS access to trusted networks only and enforce additional authentication controls at the application gateway level. …
