CVE-2026-5140

Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus allows Authentication Bypass. This issue affects Pardus: from <=0.6.4 before 0.8.0.

high 8.8 CVSS 3.1

Published: Apr 29, 2026

Modified: Apr 29, 2026

Description

Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus allows Authentication Bypass.

This issue affects Pardus: from <=0.6.4 before 0.8.0.

References

https://www.usom.gov.tr/bildirim/tr-26-0131

Version	3.1
Score	8.8 / 10
Severity	high