CVE-2026-8377
Armiya Information Technologies Ltd. · Access Control System (GKS)
The Armiya Information Technologies Access Control System (GKS) contains a missing authorization flaw, allowing unauthenticated remote attackers to potentially access restricted system functions.
Executive summary
A critical missing authorization vulnerability in the Armiya Information Technologies Access Control System (GKS) allows unauthenticated attackers to bypass access controls.
Vulnerability
This is a Missing Authorization (CWE-862) vulnerability. The application fails to properly verify the identity or privileges of a user before granting access to sensitive functions, effectively allowing unauthenticated access.
Business impact
With a CVSS score of 8.2, this vulnerability represents a significant risk to physical and digital security. Unauthorized access to an access control system can lead to the manipulation of security settings, unauthorized entry, or the compromise of sensitive administrative data.
Remediation
Immediate Action: Upgrade to Version 2 of the Access Control System (GKS) immediately to enforce proper authorization checks.
Proactive Monitoring: Audit all access logs for the GKS management interface to identify any unauthorized or suspicious activity originating from external IP addresses.
Compensating Controls: Restrict access to the GKS management interface by placing it behind a VPN or a restrictive firewall that limits access to trusted administrative IP addresses only.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability grants unauthenticated access to a sensitive security system and must be addressed with the utmost urgency. Organizations must verify their current version and upgrade to Version 2 immediately to restore security integrity.