CVE-2026-8377 (GCVE-0-2026-8377)
Vulnerability from cvelistv5 – Published: 2026-07-07 07:25 – Updated: 2026-07-07 13:29
VLAI
EPSS
VEX
Title
Improper Authorization in Armiya Technologies' Access Control System
Summary
Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations.
This issue affects Access Control System (GKS): before Version 2.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Armiya Information Technologies Ltd. Co. | Access Control System (GKS) |
Affected:
0 , < Version 2
(custom)
|
Date Public
2026-07-07 07:20
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T13:29:03.658771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T13:29:16.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Access Control System (GKS)",
"vendor": "Armiya Information Technologies Ltd. Co.",
"versions": [
{
"lessThan": "Version 2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mert TURAN"
}
],
"datePublic": "2026-07-07T07:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations.\u003cp\u003eThis issue affects Access Control System (GKS): before Version 2.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations.\n\nThis issue affects Access Control System (GKS): before Version 2."
}
],
"impacts": [
{
"capecId": "CAPEC-150",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-150 Collect Data from Common Resource Locations"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T07:25:06.910Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0502"
}
],
"source": {
"advisory": "TR-26-0502",
"defect": [
"TR-26-0502"
],
"discovery": "UNKNOWN"
},
"title": "Improper Authorization in Armiya Technologies\u0027 Access Control System",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-8377",
"datePublished": "2026-07-07T07:25:06.910Z",
"dateReserved": "2026-05-12T08:45:41.295Z",
"dateUpdated": "2026-07-07T13:29:16.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-8377",
"date": "2026-07-10",
"epss": "0.00198",
"percentile": "0.09721"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-8377\",\"sourceIdentifier\":\"iletisim@usom.gov.tr\",\"published\":\"2026-07-07T08:16:26.127\",\"lastModified\":\"2026-07-07T14:16:34.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations.\\n\\nThis issue affects Access Control System (GKS): before Version 2.\"}],\"affected\":[{\"source\":\"iletisim@usom.gov.tr\",\"affectedData\":[{\"vendor\":\"Armiya Information Technologies Ltd. Co.\",\"product\":\"Access Control System (GKS)\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"Version 2\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"iletisim@usom.gov.tr\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-07T13:29:03.658771Z\",\"id\":\"CVE-2026-8377\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"iletisim@usom.gov.tr\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"references\":[{\"url\":\"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0502\",\"source\":\"iletisim@usom.gov.tr\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-8377\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-07T13:29:03.658771Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-07T13:29:13.231Z\"}}], \"cna\": {\"title\": \"Improper Authorization in Armiya Technologies\u0027 Access Control System\", \"source\": {\"defect\": [\"TR-26-0502\"], \"advisory\": \"TR-26-0502\", \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Mert TURAN\"}], \"impacts\": [{\"capecId\": \"CAPEC-150\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-150 Collect Data from Common Resource Locations\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Armiya Information Technologies Ltd. Co.\", \"product\": \"Access Control System (GKS)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"Version 2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-07-07T07:20:00.000Z\", \"references\": [{\"url\": \"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0502\", \"tags\": [\"government-resource\"]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations.\\n\\nThis issue affects Access Control System (GKS): before Version 2.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System (GKS) allows Collect Data from Common Resource Locations.\u003cp\u003eThis issue affects Access Control System (GKS): before Version 2.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862 Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"ca940d4e-fea4-4aa2-9a58-591a58b1ce21\", \"shortName\": \"TR-CERT\", \"dateUpdated\": \"2026-07-07T07:25:06.910Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-8377\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-07T13:29:16.531Z\", \"dateReserved\": \"2026-05-12T08:45:41.295Z\", \"assignerOrgId\": \"ca940d4e-fea4-4aa2-9a58-591a58b1ce21\", \"datePublished\": \"2026-07-07T07:25:06.910Z\", \"assignerShortName\": \"TR-CERT\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…