Skip to main content

Pardus Domain Joiner

1 CVEs product

Monthly

CVE-2026-12250 HIGH PATCH This Week

Sensitive information exposure in Pardus Domain Joiner (versions 0.5.2 up to but not including 0.5.4) lets a local low-privileged user harvest secrets — most plausibly domain-join credentials — that the tool passes as visible arguments when invoking a child process. TUBITAK BILGEM's utility enrolls Pardus (a Turkish Debian-based distribution) endpoints into a directory/domain, so the leaked material can be Active Directory or LDAP bind credentials. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV, but the fix in 0.5.4 confirms the issue is vendor-acknowledged.

Information Disclosure Pardus Domain Joiner
NVD VulDB
CVSS 3.1
7.9
EPSS
0.1%
EPSS 0% CVSS 7.9
HIGH PATCH This Week

Sensitive information exposure in Pardus Domain Joiner (versions 0.5.2 up to but not including 0.5.4) lets a local low-privileged user harvest secrets — most plausibly domain-join credentials — that the tool passes as visible arguments when invoking a child process. TUBITAK BILGEM's utility enrolls Pardus (a Turkish Debian-based distribution) endpoints into a directory/domain, so the leaked material can be Active Directory or LDAP bind credentials. There is no public exploit identified at time of analysis and the flaw is not in CISA KEV, but the fix in 0.5.4 confirms the issue is vendor-acknowledged.

Information Disclosure Pardus Domain Joiner
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy