Skip to main content

TeraMIS EUVDEUVD-2026-42988

| CVE-2026-6212 HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-07-10 TR-CERT GHSA-g6gj-wmj4-88pr
8.8
CVSS 3.1 · Vendor: TR-CERT
Share

Severity by source

Vendor (TR-CERT) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.3 HIGH

Remote low-complexity IDOR needing a low-privilege account (AV:N/AC:L/PR:L); high confidentiality and integrity from cross-account read/write, but availability only Low since an authz bypass rarely destroys the whole system.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (TR-CERT).

CVSS VectorVendor: TR-CERT

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 10, 2026 - 19:24 vuln.today

DescriptionCVE.org

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse.

This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026.

AnalysisAI

Authorization bypass in Teracity TeraMIS (versions V03.26.01.14 through the 30.04.2026 build) lets an authenticated low-privilege user tamper with a user-controlled object key to reach records and functions belonging to other users or higher-privilege roles (CWE-639 IDOR). The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms remote, low-complexity exploitation by any account holder, yielding high confidentiality and integrity impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Log in with low-privilege TeraMIS account
Delivery
Find request with user-controlled object key
Exploit
Substitute another user's or role's identifier
Execution
Server returns or alters unauthorized record
Impact
Read or modify data beyond privilege

Vulnerability AssessmentAI

Exploitation The attacker must hold a valid authenticated TeraMIS account (CVSS PR:L confirms low-privilege authentication is required - this is not unauthenticated), and the application must expose an object reference whose key is supplied and modifiable by the client. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are only partially complete but internally consistent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A user with a valid low-privilege TeraMIS account logs in and observes that requests reference records by a predictable identifier. By changing that identifier to values belonging to other users or administrative records, the attacker retrieves or alters data they were never granted access to, achieving privilege abuse. …
Remediation No vendor-released patch version is identified in the available data, so a specific fixed build cannot be cited; consult the TR-CERT bulletin at https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0528 and contact Teracity for a corrected release beyond the 30.04.2026 build. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all deployed TeraMIS instances and document affected versions (V03.26.01.14 through 30.04.2026 build); assess which systems contain regulated or highly sensitive data. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-42988 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy