CVE-2026-14459

HIGH

Argument Injection in TUBITAK BILGEM's pardus-software

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-14459. PoCs published by dasokkk.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2026-14459 (APT option injection via PolicyKit helper leading to local privilege escalation) and CVE-2026-14460 (missing authorization in PolicyKit action allowing unauthenticated root apt-update). The exploits demonstrate arbitrary command execution as root and denial-of-service via repeated apt-update invocations.

Description

Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection. This issue affects pardus-software: from <= 1.0.4 before 1.0.5.

Exploits (1)

github WORKING POC
by dasokkk · shellpoc
https://github.com/dasokkk/CVE-2026-14459-14460-pardus-software

This repository contains functional exploit code for CVE-2026-14459 (APT option injection via PolicyKit helper leading to local privilege escalation) and CVE-2026-14460 (missing authorization in PolicyKit action allowing unauthenticated root apt-update). The exploits demonstrate arbitrary command execution as root and denial-of-service via repeated apt-update invocations.

Classification
Working Poc 99%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: pardus-software 1.0.4 (Pardus Software Center)
No auth needed
Prerequisites: For CVE-2026-14459: Membership in the 'pardus-software' group (no sudo required) · For CVE-2026-14460: No special privileges (any local user)
mistral-large-3 · analyzed Jul 03, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.8
EPSS 0.0020
EPSS Percentile 9.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-88
Status published
Products (1)
TUBITAK BILGEM Software Technologies Research Institute/pardus-software <= 1.0.4 - 1.0.5
Published Jul 03, 2026
Tracked Since Jul 03, 2026