A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Description Summary:
Liderahenk contains an origin validation error that allows unauthenticated access to restricted application functionality by bypassing configured Access Control Lists (ACLs).
Executive Summary:
A critical origin validation error in Liderahenk allows unauthorized access to sensitive functionality, posing a severe risk of complete system compromise.
Vulnerability Details
CVE-ID: CVE-2026-6508
Affected Software: TUBITAK BILGEM Software Technologies Research Institute Liderahenk
Affected Versions: 2.0.1
Vulnerability: This vulnerability stems from a failure to properly validate the origin of requests, allowing an unauthenticated attacker to bypass established ACLs. This effectively grants access to administrative or restricted functions that should otherwise be protected.
Business Impact
The CVSS score of 9.8 indicates a critical risk to the confidentiality, integrity, and availability of the Liderahenk platform. Exploitation could allow an attacker to perform unauthorized administrative actions, leading to full system compromise and significant data breaches.
Remediation Plan
Immediate Action: Upgrade to Liderahenk version 2.0.2 or the latest vendor-supplied patch.
Proactive Monitoring: Monitor system logs for unauthorized access attempts to restricted API endpoints or administrative functions.
Compensating Controls: Restrict network access to the Liderahenk interface using IP allow-lists and ensure it is not exposed to the public internet.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of May 7, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a total failure of authorization controls. Organizations utilizing Liderahenk must treat this as a high-priority remediation item and apply the necessary updates immediately to secure their environment.