CVE-2026-4104NVD

Vulnerability Summary

Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection.

This issue affects TeknoPass: from 20210501 through 20260429.

Severity Level

CRITICAL(9.8)

Published Date

Jun 4, 2026

Last Modified

Jun 4, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.04%Probability

Root Weakness (CWE)

CWE-89: SQL Injection ↗

Improper neutralization of special elements used in an SQL command, allowing attackers to modify queries.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0309

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-4104NVD

Vulnerability Summary

External References