What is the CVSS score of CVE-2026-6508?

CVE-2026-6508 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Liderahenk are affected by CVE-2026-6508?

Liderahenk 2.0.1 contains a critical access control bypass vulnerability (CVSS 9.8) allowing unauthenticated remote attackers to achieve complete system compromise without authentication or user…. A patch is available.

Liderahenk CVE-2026-6508

EUVD-2026-28356 CRITICAL

Origin Validation Error (CWE-346)

2026-05-07 iletisim@usom.gov.tr

GHSA-6j26-x548-mh3c

Information Disclosure

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch available

May 07, 2026 - 13:16 EUVD

Analysis Generated

May 07, 2026 - 12:45 vuln.today

CVE Published

May 07, 2026 - 12:16 nvd

CRITICAL 9.8

DescriptionNVD

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Liderahenk: from 2.0.1 before 2.0.2.

AnalysisAI

Remote unauthenticated attackers can bypass access control lists in Liderahenk 2.0.1, achieving complete system compromise with confidentiality, integrity, and availability impact. The origin validation flaw (CWE-346) allows attackers to access restricted functionality without proper authorization checks. …

RemediationAI

Within 24 hours: Identify all systems running Liderahenk 2.0.1 and isolate them from untrusted networks; consult vendor Pardus for patch availability and interim guidance. Within 7 days: Implement network-level access controls restricting Liderahenk administrative interfaces to trusted IP ranges only; enable enhanced logging and monitoring for unauthorized access attempts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-6508 vulnerability details – vuln.today

Back

Liderahenk CVE-2026-6508

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code