PatchSiren cyber security CVE debrief
CVE-2026-2339 TUBITAK BILGEM Software Technologies Research Institute CVE debrief
CVE-2026-2339 is a high-severity vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk. The vulnerability has a CVSS score of 7.5 and is classified as a Missing Authentication for Critical Function issue. This vulnerability allows for Remote Code Inclusion, Privilege Abuse, and Command Injection. The affected version is Liderahenk before 3.5.1.
- Vendor
- TUBITAK BILGEM Software Technologies Research Institute
- Product
- Liderahenk
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-03-10
- Original CVE updated
- 2026-06-06
- Advisory published
- 2026-03-10
- Advisory updated
- 2026-06-06
Who should care
Users of Liderahenk versions before 3.5.1 should apply the necessary patches to prevent exploitation of this vulnerability.
Technical summary
The vulnerability is caused by a missing authentication mechanism for a critical function in Liderahenk. This allows an attacker to remotely include code, abuse privileges, and inject commands.
Defensive priority
High
Recommended defensive actions
- Apply the patch for Liderahenk version 3.5.1 or later.
- Review and restrict access to Liderahenk systems.
- Monitor Liderahenk systems for suspicious activity.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4] and [ref-5].
Official resources
CVE-2026-2339 was published on [cvePublishedAt] and last modified on [cveModifiedAt].