{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/pardus-parental-control--0.7.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-9085"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Pardus-Parental-Control (\u003c 0.7.0)"],"_cs_severities":["high"],"_cs_tags":["dns-spoofing","access-control","linux","vulnerability"],"_cs_type":"advisory","_cs_vendors":["TUBITAK BILGEM Software Technologies Research Institute"],"content_html":"\u003cp\u003eA critical vulnerability, tracked as CVE-2026-9085, has been identified in the TUBITAK BILGEM Software Technologies Research Institute's Pardus-Parental-Control software. This flaw is rooted in incorrect permission assignment for critical resources and improper access control mechanisms. Specifically, versions up to and including 0.5.1, and all versions prior to 0.7.0, are susceptible. The vulnerability enables a local attacker to execute DNS Spoofing, potentially redirecting user traffic to malicious sites, facilitating phishing attacks, or intercepting sensitive data. The CVSS v3.1 base score for this vulnerability is 8.8 (High), highlighting its severe impact if exploited. Organizations utilizing affected versions of Pardus-Parental-Control are advised to apply the necessary updates immediately to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-9085 allows a local attacker to conduct DNS Spoofing. This can lead to various severe consequences for users, including redirection to malicious websites, interception of network traffic, credential harvesting through phishing campaigns, and man-in-the-middle attacks. While specific victim counts or industry targeting are not detailed in the available information, any user of the affected Pardus-Parental-Control software could be vulnerable. The primary risk is loss of confidentiality and integrity of network communications, potentially leading to unauthorized access to systems or data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePatch CVE-2026-9085\u003c/strong\u003e by upgrading Pardus-Parental-Control to version 0.7.0 or newer immediately. Refer to the vendor's advisory at \u003ccode\u003ehttps://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0500\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eImplement host-based intrusion detection systems (HIDS) to monitor for unauthorized modifications to critical system files or DNS configuration settings, which could indicate attempts to exploit \u003ccode\u003eCWE-284\u003c/code\u003e or \u003ccode\u003eCWE-732\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor local network traffic for unusual DNS queries or responses that could indicate \u003ccode\u003eDNS Spoofing\u003c/code\u003e attempts originating from controlled systems.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-05T15:21:47Z","date_published":"2026-07-05T15:21:47Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-9085-pardus-parental-control/","summary":"An Improper Access Control and Incorrect Permission Assignment vulnerability (CVE-2026-9085) in TUBITAK BILGEM's Pardus-Parental-Control software, affecting versions up to 0.5.1 and all versions before 0.7.0, allows a local attacker to perform DNS Spoofing.","title":"CVE-2026-9085: Incorrect Permissions Allow DNS Spoofing in Pardus-Parental-Control","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-9085-pardus-parental-control/"}],"language":"en","title":"CraftedSignal Threat Feed - Pardus-Parental-Control (\u003c 0.7.0)","version":"https://jsonfeed.org/version/1.1"}