CVE-2026-6849

{"id": "CVE-2026-6849", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "iletisim@usom.gov.tr", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-04-29T16:16:28.413", "references": [{"url": "https://www.usom.gov.tr/bildirim/tr-26-0131", "source": "iletisim@usom.gov.tr"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "iletisim@usom.gov.tr", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection.\n\nThis issue affects Pardus OS My Computer: from <=0.7.5 before 0.8.0."}], "lastModified": "2026-04-29T21:13:30.563", "sourceIdentifier": "iletisim@usom.gov.tr"}