CVE-2026-14459
HIGHArgument Injection in TUBITAK BILGEM's pardus-software
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-14459. PoCs published by dasokkk.
AI-analyzed exploit summary This repository contains functional exploit code for CVE-2026-14459 (APT option injection via PolicyKit helper leading to local privilege escalation) and CVE-2026-14460 (missing authorization in PolicyKit action allowing unauthenticated root apt-update). The exploits demonstrate arbitrary command execution as root and denial-of-service via repeated apt-update invocations.
Description
Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from <= 1.0.4 before 1.0.5.
Exploits (1)
This repository contains functional exploit code for CVE-2026-14459 (APT option injection via PolicyKit helper leading to local privilege escalation) and CVE-2026-14460 (missing authorization in PolicyKit action allowing unauthenticated root apt-update). The exploits demonstrate arbitrary command execution as root and denial-of-service via repeated apt-update invocations.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H