CVE-2026-8377

Armiya Information Technologies Ltd. · Access Control System (GKS)

The Armiya Information Technologies Access Control System (GKS) contains a missing authorization flaw, allowing unauthenticated remote attackers to potentially access restricted system functions.

Executive summary

A critical missing authorization vulnerability in the Armiya Information Technologies Access Control System (GKS) allows unauthenticated attackers to bypass access controls.

Vulnerability

This is a Missing Authorization (CWE-862) vulnerability. The application fails to properly verify the identity or privileges of a user before granting access to sensitive functions, effectively allowing unauthenticated access.

Business impact

With a CVSS score of 8.2, this vulnerability represents a significant risk to physical and digital security. Unauthorized access to an access control system can lead to the manipulation of security settings, unauthorized entry, or the compromise of sensitive administrative data.

Remediation

Immediate Action: Upgrade to Version 2 of the Access Control System (GKS) immediately to enforce proper authorization checks.

Proactive Monitoring: Audit all access logs for the GKS management interface to identify any unauthorized or suspicious activity originating from external IP addresses.

Compensating Controls: Restrict access to the GKS management interface by placing it behind a VPN or a restrictive firewall that limits access to trusted administrative IP addresses only.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability grants unauthenticated access to a sensitive security system and must be addressed with the utmost urgency. Organizations must verify their current version and upgrade to Version 2 immediately to restore security integrity.