CVE-2026-11340
HAVELSAN · Liman MYS
Liman MYS is affected by a missing authorization vulnerability that permits authenticated users to perform unauthorized actions.
Executive summary
A missing authorization vulnerability in HAVELSAN Liman MYS allows authenticated users to escalate privileges and perform unauthorized system operations.
Vulnerability
The application suffers from a missing authorization flaw (CWE-862) which enables an authenticated user with low privileges to perform actions that should be restricted to administrative roles. This lack of proper access control validation across sensitive functions poses a high risk to system integrity.
Business impact
With a CVSS score of 8.3, this vulnerability presents a substantial risk to system integrity and availability. An authenticated attacker could manipulate system configurations, potentially leading to full system compromise or service disruption. The impact is significant for organizations relying on Liman MYS for critical infrastructure management.
Remediation
Immediate Action: Update Liman MYS to version release.master.1107 or later to address the missing authorization checks.
Proactive Monitoring: Review audit logs for suspicious administrative actions or privilege escalation attempts performed by low-privileged user accounts.
Compensating Controls: Apply the principle of least privilege by restricting access to the Liman MYS interface to trusted users only, and implement secondary approval workflows for sensitive administrative tasks.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Addressing this authorization flaw is critical to maintaining the security posture of the Liman MYS platform. Organizations must ensure that the latest update is applied to enforce proper role-based access control and prevent unauthorized administrative manipulation.