{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/havelsan-inc./feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-13696"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Liman MYS: before release.Master.1107"],"_cs_severities":["high"],"_cs_tags":["vulnerability","ldap-injection","web-application"],"_cs_type":"advisory","_cs_vendors":["HAVELSAN Inc."],"content_html":"\u003cp\u003eA critical LDAP injection vulnerability, identified as CVE-2026-13696, has been discovered in HAVELSAN Inc.'s Liman MYS administrative management system. This flaw stems from improper neutralization of special characters within LDAP queries, allowing attackers to manipulate or inject malicious LDAP statements. Such an injection could lead to unauthorized authentication bypass, data exfiltration from the LDAP directory, or alteration of user and group information. The vulnerability affects all versions of Liman MYS prior to \u003ccode\u003erelease.Master.1107\u003c/code\u003e. With a CVSS v3.1 Base Score of 8.8, this vulnerability poses a significant risk, as successful exploitation could grant attackers extensive control over user management and potentially lead to broader system compromise. This issue was published on 2026-07-07, and organizations using affected versions are urged to apply the patch immediately to mitigate these severe risks.\u003c/p\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-13696 could allow an unauthenticated attacker to bypass authentication mechanisms, gain unauthorized access to the Liman MYS system, and potentially the underlying LDAP directory. This could lead to information disclosure, unauthorized modification of user accounts, groups, and permissions, or even full administrative compromise of the directory service. The highly sensitive nature of LDAP directories means that compromise could have widespread effects on user management, access control across multiple integrated systems, and lead to significant data breaches or operational disruption.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-13696 on all HAVELSAN Inc. Liman MYS instances immediately by upgrading to \u003ccode\u003erelease.Master.1107\u003c/code\u003e or later.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-07T12:25:36Z","date_published":"2026-07-07T12:25:36Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-13696-havelsan-liman-mys-ldap-injection/","summary":"A high-severity LDAP injection vulnerability, tracked as CVE-2026-13696 with a CVSS v3.1 base score of 8.8, affects HAVELSAN Inc.'s Liman MYS versions prior to release.Master.1107, allowing attackers to bypass authentication or exfiltrate sensitive data via improper neutralization of special characters in LDAP queries.","title":"CVE-2026-13696: HAVELSAN Liman MYS LDAP Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-13696-havelsan-liman-mys-ldap-injection/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-11348"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Liman MYS: \u003c release.Master.1107"],"_cs_severities":["high"],"_cs_tags":["vulnerability","cryptographic-vulnerability","liman-mys"],"_cs_type":"threat","_cs_vendors":["HAVELSAN Inc."],"content_html":"\u003cp\u003eA significant vulnerability, CVE-2026-11348, has been identified in HAVELSAN Inc.'s Liman MYS product. This flaw stems from an improper verification of cryptographic signatures, which an attacker can exploit to fake the origin of data. The vulnerability, first disclosed by the Computer Emergency Response Team of the Republic of Turkey, impacts all versions of Liman MYS released prior to \u003ccode\u003erelease.Master.1107\u003c/code\u003e. While specific details of in-the-wild exploitation are not yet public, such a vulnerability allows malicious actors to potentially inject falsified information into systems or bypass authentication mechanisms that rely on cryptographic signatures. This could lead to data manipulation, unauthorized access, or other integrity compromises within environments utilizing Liman MYS.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003e\u003cstrong\u003eAttacker Crafts Malicious Data\u003c/strong\u003e: An unauthenticated attacker creates data intended to be malicious (e.g., altered configuration, spoofed commands, or falsified reports).\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAttacker Forges Cryptographic Signature\u003c/strong\u003e: The attacker generates a cryptographic signature for the malicious data that appears legitimate but is actually forged.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAttacker Submits Crafted Payload\u003c/strong\u003e: The attacker sends the malicious data bundle, including the forged signature, to a vulnerable HAVELSAN Liman MYS instance.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eLiman MYS Processes Incoming Data\u003c/strong\u003e: The application receives the data and attempts to validate its authenticity by verifying the accompanying cryptographic signature.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSignature Verification Bypass (CVE-2026-11348)\u003c/strong\u003e: Due to the inherent flaw in the signature verification logic (CWE-347), Liman MYS fails to correctly identify the forged signature as invalid.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eData Accepted as Legitimate\u003c/strong\u003e: The Liman MYS application mistakenly authenticates and accepts the malicious data as originating from a trusted or authorized source.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eApplication Processes Faked Data\u003c/strong\u003e: The application proceeds to process the attacker-controlled data, believing it to be genuine and reliable.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eImpact Realized\u003c/strong\u003e: The faked data is then integrated into the system, leading to consequences such as data integrity compromise, execution of unauthorized commands, or other logical abuses depending on the attacker's specific objective.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability allows an attacker to \u0026quot;fake the source of data,\u0026quot; meaning they can potentially inject arbitrary malicious information into the Liman MYS system, bypass integrity checks, or spoof legitimate entities. The CVSS v3.1 base score of 8.1 (High) indicates significant potential for impact, including high confidentiality, integrity, and availability impacts, if successfully exploited. Organizations using affected versions of HAVELSAN Liman MYS could face data corruption, unauthorized system behavior, or loss of trust in the data managed by the platform. Without immediate patching, affected systems remain vulnerable to external manipulation, potentially impacting operational reliability and security.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-11348 immediately by updating HAVELSAN Liman MYS to \u003ccode\u003erelease.Master.1107\u003c/code\u003e or a newer version as advised by the vendor.\u003c/li\u003e\n\u003cli\u003eReview the vendor advisory at \u003ca href=\"https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504\"\u003ehttps://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0504\u003c/a\u003e for further guidance and details on the patch.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-07T12:25:00Z","date_published":"2026-07-07T12:25:00Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-11348-liman-mys-signature-bypass/","summary":"A critical improper verification of cryptographic signature vulnerability, tracked as CVE-2026-11348, in HAVELSAN Inc.'s Liman MYS product allows an unauthenticated attacker to fake the source of data, leading to potential data integrity compromise.","title":"CVE-2026-11348: HAVELSAN Liman MYS Cryptographic Signature Bypass Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-11348-liman-mys-signature-bypass/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.3,"id":"CVE-2026-11340"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Liman MYS (before release.Master.1107)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","web-application","missing-authorization","cve"],"_cs_type":"advisory","_cs_vendors":["HAVELSAN Inc."],"content_html":"\u003cp\u003eA critical missing authorization vulnerability, identified as CVE-2026-11340, has been disclosed in HAVELSAN Inc.'s Liman MYS, affecting all versions before release.Master.1107. This flaw stems from the application's failure to properly constrain access to certain functionalities by Access Control Lists (ACLs). This means that a low-privileged authenticated attacker could potentially access and manipulate features or data that should be restricted to higher-privileged users. With a CVSS v3.1 base score of 8.3 (High), this vulnerability poses a significant risk of high impact to data integrity and system availability, and low impact to confidentiality, if exploited. Defenders should prioritize patching this vulnerability to prevent unauthorized access and potential system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker, possessing valid low-privileged credentials, identifies a vulnerable HAVELSAN Liman MYS instance (versions prior to release.Master.1107).\u003c/li\u003e\n\u003cli\u003eThe attacker authenticates to the Liman MYS web interface using their legitimate low-privileged account.\u003c/li\u003e\n\u003cli\u003eThe attacker then crafts a request or navigates to a specific sensitive function or resource that should typically be restricted by ACLs to higher-privileged users.\u003c/li\u003e\n\u003cli\u003eDue to the missing authorization vulnerability (CVE-2026-11340), the Liman MYS application fails to adequately verify the attacker's authorization level for the requested resource or action.\u003c/li\u003e\n\u003cli\u003eThe application incorrectly grants the low-privileged attacker access to the restricted functionality or data, bypassing intended security controls.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform unauthorized actions, such as modifying critical system configurations, accessing sensitive information, or triggering disruptive operations.\u003c/li\u003e\n\u003cli\u003eThis unauthorized access ultimately leads to high impact on the system's integrity (e.g., data tampering, unauthorized changes) and availability (e.g., service disruption), with a low impact on confidentiality.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe exploitation of CVE-2026-11340 can lead to severe consequences for organizations utilizing HAVELSAN Inc. Liman MYS. While specific victim counts are not available, successful exploitation by a low-privileged attacker could result in high impact to the integrity of the system and data, allowing for unauthorized modifications or deletions. Additionally, the availability of critical services could be severely affected, potentially leading to denial of service conditions. Confidentiality is also impacted, albeit at a lower level, as unauthorized data access might occur. Given Liman MYS's role, such compromise could disrupt operational management and expose sensitive internal configurations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImmediately apply the patch to update HAVELSAN Liman MYS to release.Master.1107 or a later secure version to remediate CVE-2026-11340.\u003c/li\u003e\n\u003cli\u003eEnable comprehensive web application logging on your HAVELSAN Liman MYS instances to capture all HTTP requests, including request methods, URIs, user agents, and source IP addresses, to aid in detecting abnormal access patterns.\u003c/li\u003e\n\u003cli\u003eRegularly audit Access Control Lists (ACLs) and authorization configurations within Liman MYS to ensure they align with the principle of least privilege and prevent similar authorization bypasses.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-07T11:18:52Z","date_published":"2026-07-07T11:18:52Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-11340-liman-mys/","summary":"A missing authorization vulnerability (CVE-2026-11340) in HAVELSAN Inc. Liman MYS versions prior to release.Master.1107 allows an attacker with low privileges to access functionality not properly constrained by ACLs, leading to high impact on integrity and availability.","title":"CVE-2026-11340 — Missing Authorization in HAVELSAN Liman MYS","url":"https://feed.craftedsignal.io/briefs/2026-07-cve-2026-11340-liman-mys/"}],"language":"en","title":"CraftedSignal Threat Feed - HAVELSAN Inc.","version":"https://jsonfeed.org/version/1.1"}