CVE-2026-9085
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
A vulnerability in Pardus-Parental-Control (versions up to 0.5.1 before 0.7.0) is caused by incorrect permission assignment for critical resources and improper access control. This allows an attacker to perform DNS Spoofing, i.e., impersonate a DNS server and redirect network traffic.
Risk Assessment
The organization is at risk of DNS traffic interception and modification, which can lead to users being redirected to malicious websites, data theft, or malware infection.
Recommendation
Immediately update Pardus-Parental-Control to version 0.7.0 or later, which fixes this vulnerability. Before updating, consider restricting access to the vulnerable component to trusted users only.
Original NVD description (English source)
Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing. This issue affects Pardus-Parental-Control: from <=0.5.1 before 0.7.0.

