Skip to main content

Access Control System (GKS) CVE-2026-8377

| EUVDEUVD-2026-42019 HIGH
Missing Authorization (CWE-862)
2026-07-07 TR-CERT GHSA-37xf-hmm2-cg24
8.2
CVSS 3.1 · Vendor: TR-CERT
Share

Severity by source

Vendor (TR-CERT) PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
vuln.today AI
8.2 HIGH

Missing authorization on network-reachable endpoints needs no auth or interaction (AV:N/AC:L/PR:N/UI:N); primarily discloses data (C:H) with minor integrity effect (I:L) and no availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (TR-CERT).

CVSS VectorVendor: TR-CERT

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jul 07, 2026 - 08:03 vuln.today

DescriptionCVE.org

Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations.

This issue affects Access Control System (GKS): before Version 2.

AnalysisAI

Information disclosure in Armiya Information Technologies' Access Control System (GKS) before Version 2 allows remote unauthenticated attackers to collect sensitive data from common resource locations due to a missing authorization check. Because the affected endpoints do not verify that a requester is entitled to the data they return, an attacker who can reach the system over the network can harvest information without credentials. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach GKS over network
Delivery
Enumerate common resource locations
Exploit
Send unauthenticated request
Execution
Missing authorization check bypassed
Impact
Collect sensitive access-control data

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the GKS application and knowledge of the 'common resource locations' (shared/well-known endpoints or paths) that the system exposes without an authorization check; per CVSS PR:N and UI:N, no authentication and no user interaction are needed against a reachable instance. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N, base 8.2) describes a network-reachable, low-complexity, unauthenticated attack with high confidentiality impact and only limited integrity impact - a strong signal for a data-exposure priority where the system is internet- or LAN-reachable. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with network access to the GKS application sends requests to well-known or common resource locations without supplying any credentials, and the server returns access-control data (such as identity, permission, or configuration records) because no authorization check is enforced. Repeating this against enumerated resource paths lets the attacker bulk-collect sensitive data. …
Remediation Upgrade Access Control System (GKS) to Version 2 or later, which is the fixed release implied by the 'before Version 2' affected range; treat any build prior to Version 2 as vulnerable. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all GKS deployments and confirm versions; assess network accessibility and prioritize systems exposed to untrusted networks or the public internet. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-8377 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy