CVE-2026-6508

CRITICAL

RCE in TUBITAK BILGEM's Liderahenk


Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-6508. PoCs published by jackalkarlos.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2026-6508, demonstrating unauthorized remote code execution (RCE) and lateral movement in LiderAhenk's centralized management system. The exploit leverages XMPP messaging to send crafted EXECUTE_SCRIPT commands from one client to another, bypassing authentication checks.

Description

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2.

Exploits (1)

nomisec WORKING POC 2 stars
by jackalkarlos · poc
https://github.com/jackalkarlos/EvilAhenk


Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: LiderAhenk Merkezi Yönetim Sistemi
Auth required
Prerequisites: Access to a compromised client with valid XMPP credentials · Network access to the XMPP server
devstral-2 · analyzed May 22, 2026

References (1)


Scores

CVSS v3: 9.8
EPSS: 0.0003
EPSS Percentile: 8.6%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-346
Status: published
Products (1): TUBITAK BILGEM Software Technologies Research Institute/Liderahenk 2.0.1 - 2.0.2
Published: May 07, 2026
Tracked Since: May 07, 2026