CVE-2026-9085
TUBITAK BILGEM · Pardus-Parental-Control
Pardus-Parental-Control contains an improper access control vulnerability that permits local attackers to perform DNS spoofing by exploiting incorrect permission assignments.
Executive summary
A high-severity DNS spoofing vulnerability in TUBITAK BILGEM Pardus-Parental-Control could allow a local attacker to intercept or redirect network traffic.
Vulnerability
The software suffers from improper permission assignment for critical resources (CWE-732) and improper access control (CWE-284). These flaws allow an authenticated local user to manipulate DNS configurations, effectively facilitating DNS spoofing.
Business impact
The ability to perform DNS spoofing poses a significant risk to the integrity of network communications. An attacker could redirect traffic to malicious servers, leading to credential theft, malware delivery, or the compromise of sensitive data. With a CVSS score of 8.8, this vulnerability carries a high risk of total system compromise regarding network traffic control.
Remediation
Immediate Action: Update Pardus-Parental-Control to version 0.7.0 or the latest available release provided by TUBITAK BILGEM.
Proactive Monitoring: Monitor system logs for unauthorized changes to network configuration files or unexpected modifications to DNS resolution settings.
Compensating Controls: Restrict local user access to system-level configuration files and ensure that non-administrative users do not possess permissions to modify network service settings.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this issue necessitates immediate attention to prevent local privilege escalation and network interception. IT administrators should prioritize the deployment of the vendor-supplied patch across all affected systems to mitigate the risk of DNS-based attacks.