Skip to main content

Geographic Tracking System

3 CVEs product

Monthly

CVE-2026-6209 CRITICAL Act Now

Authorization bypass in HAVELSAN Geographic Tracking System versions prior to v0.0.2 allows remote unauthenticated attackers to access restricted functionality and sensitive geospatial tracking data due to missing ACL enforcement. The CVSS 9.1 (AV:N/AC:L/PR:N/UI:N) vector and CWE-284 classification indicate trivially exploitable broken access control affecting confidentiality and integrity of tracked entities. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Geographic Tracking System
NVD VulDB
CVSS 3.1
9.1
CVE-2026-6208 CRITICAL Act Now

Authorization bypass in HAVELSAN Inc. Geographic Tracking System versions prior to v0.0.2 allows remote unauthenticated attackers to access or modify other users' data by manipulating user-controlled identifiers. The CVSS 9.1 score reflects high confidentiality and integrity impact achievable over the network without authentication, though no public exploit identified at time of analysis. The flaw was reported by TR-CERT (Turkey's national CERT), suggesting coordinated disclosure for a regionally deployed product.

Authentication Bypass Geographic Tracking System
NVD VulDB
CVSS 3.1
9.1
CVE-2026-6207 CRITICAL Act Now

Information disclosure in HAVELSAN Geographic Tracking System versions prior to v0.0.2 allows remote unauthenticated attackers to perform system footprinting by analyzing observable discrepancies in server responses. The CVSS 9.1 score reflects high confidentiality and integrity impact over the network with no authentication required, though no public exploit identified at time of analysis. The vulnerability was reported by Turkey's national CERT (TR-CERT), suggesting it primarily affects deployments within Turkey's defense and government sectors where HAVELSAN products are commonly used.

Information Disclosure Geographic Tracking System
NVD VulDB
CVSS 3.1
9.1
CVSS 9.1
CRITICAL Act Now

Authorization bypass in HAVELSAN Geographic Tracking System versions prior to v0.0.2 allows remote unauthenticated attackers to access restricted functionality and sensitive geospatial tracking data due to missing ACL enforcement. The CVSS 9.1 (AV:N/AC:L/PR:N/UI:N) vector and CWE-284 classification indicate trivially exploitable broken access control affecting confidentiality and integrity of tracked entities. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Geographic Tracking System
NVD VulDB
CVSS 9.1
CRITICAL Act Now

Authorization bypass in HAVELSAN Inc. Geographic Tracking System versions prior to v0.0.2 allows remote unauthenticated attackers to access or modify other users' data by manipulating user-controlled identifiers. The CVSS 9.1 score reflects high confidentiality and integrity impact achievable over the network without authentication, though no public exploit identified at time of analysis. The flaw was reported by TR-CERT (Turkey's national CERT), suggesting coordinated disclosure for a regionally deployed product.

Authentication Bypass Geographic Tracking System
NVD VulDB
CVSS 9.1
CRITICAL Act Now

Information disclosure in HAVELSAN Geographic Tracking System versions prior to v0.0.2 allows remote unauthenticated attackers to perform system footprinting by analyzing observable discrepancies in server responses. The CVSS 9.1 score reflects high confidentiality and integrity impact over the network with no authentication required, though no public exploit identified at time of analysis. The vulnerability was reported by Turkey's national CERT (TR-CERT), suggesting it primarily affects deployments within Turkey's defense and government sectors where HAVELSAN products are commonly used.

Information Disclosure Geographic Tracking System
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy