CVE-2026-9085

TUBITAK BILGEM · Pardus-Parental-Control

Pardus-Parental-Control contains an improper access control vulnerability that permits local attackers to perform DNS spoofing by exploiting incorrect permission assignments.

Executive summary

A high-severity DNS spoofing vulnerability in TUBITAK BILGEM Pardus-Parental-Control could allow a local attacker to intercept or redirect network traffic.

Vulnerability

The software suffers from improper permission assignment for critical resources (CWE-732) and improper access control (CWE-284). These flaws allow an authenticated local user to manipulate DNS configurations, effectively facilitating DNS spoofing.

Business impact

The ability to perform DNS spoofing poses a significant risk to the integrity of network communications. An attacker could redirect traffic to malicious servers, leading to credential theft, malware delivery, or the compromise of sensitive data. With a CVSS score of 8.8, this vulnerability carries a high risk of total system compromise regarding network traffic control.

Remediation

Immediate Action: Update Pardus-Parental-Control to version 0.7.0 or the latest available release provided by TUBITAK BILGEM.

Proactive Monitoring: Monitor system logs for unauthorized changes to network configuration files or unexpected modifications to DNS resolution settings.

Compensating Controls: Restrict local user access to system-level configuration files and ensure that non-administrative users do not possess permissions to modify network service settings.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The severity of this issue necessitates immediate attention to prevent local privilege escalation and network interception. IT administrators should prioritize the deployment of the vendor-supplied patch across all affected systems to mitigate the risk of DNS-based attacks.