OS Command Injection Vulnerability in TUBITAK BILGEM Pardus OS My Computer
CVE-2026-6849

8.8HIGH

Key Information:

Vendor

Tubitak Bilgem Software Technologies Research Institute

Status
Pardus Os My Computer
Vendor
CVE Published:
29 April 2026

What is CVE-2026-6849?

A security flaw has been identified in the My Computer component of TUBITAK BILGEM's Pardus OS. This vulnerability arises from improper neutralization of special elements used in operating system commands, which allows an attacker to execute arbitrary commands on the host system. The issue is present in versions of Pardus OS My Computer up to and including 0.7.5, prior to 0.8.0, thus necessitating immediate updates to ensure system integrity and security.

Affected Version(s)

Pardus OS My Computer <=0.7.5 < 0.8.0

References

https://www.usom.gov.tr/bildirim/tr-26-0131
third-party-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Osman Can VURAL
.