Pardus A.I CyberSecurity Scoring
Pardus
Company Information
Website:https://www.pardus.org.tr
Employees number:33
Number of followers:8,302
NAICS:5112
Industry Type:Software Development
Homepage:pardus.org.tr
Pardus Risk Score (AI oriented)
Between 700 and 749
PardusSoftware Development
Updated:
20/05/2026
20/05/2026
748/1000
Moderate
Ba
Pardus Global Score (TPRM)
xxxx
PardusSoftware Development
Score locked

PardusModerate
Current Score
748Ba (MODERATE)
01000
1 incidents
-2 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
749
JUNE 2026
749
MAY 2026
748
APRIL 2026
748
MARCH 2026
750
Vulnerability
13 Mar 2026 • Pardus
Pardus Linux: Pardus Linux Vulnerability Lets Local Attackers Gain Silent Root Access
Critical Privilege Escalation Flaw in Pardus Linux Exposes Systems to Full Root Compromise
748
CRITICAL-2
PAR1779272890
Critical Privilege Escalation Flaw in Pardus Linux Exposes Systems to Full Root Compromise
A severe privilege escalation vulnerability chain, tracked as CVE-2026-5140 (CVSS 9.3), has been discovered in Pardus Linux, a Debian-based distribution widely used in Turkish government and educational institutions. The flaw allows local attackers to gain full root access without authentication by chaining three distinct vulnerabilities in the `pardus-update` utility.
### Vulnerability Breakdown
The exploit leverages three weaknesses in the update mechanism:
1. Polkit Authorization Bypass (CWE-285) – Misconfigured Polkit policies permit any user to execute privileged update actions without authentication, enabling root-level execution via `pkexec`.
2. CRLF Injection in Configuration Handling (CWE-93) – The `SystemSettingsWrite.py` script fails to sanitize carriage return (`\r`) characters, allowing attackers to inject malicious entries into `/etc/pardus/pardus-update.conf`.
3. Untrusted APT Source Path (CWE-426) – The `AutoAptUpgrade.py` script blindly trusts attacker-controlled configuration values, enabling the installation of malicious packages from arbitrary repositories.
### Exploitation & Impact
A proof-of-concept demonstrates how an attacker can:
- Inject a malicious APT repository path into the configuration file.
- Trigger an update to install a package with a post-install script that sets the SUID bit on `/bin/bash`, granting persistent root access.
The flaw enables full system compromise, including:
- Confidentiality breaches (access to `/etc/shadow` and sensitive files).
- Integrity violations (modification of system binaries, backdoor installation).
- Availability risks (complete system takeover).
### Mitigation & Timeline
Administrators are urged to:
- Harden Polkit policies by replacing `allow_any=yes` with `auth_admin`.
- Sanitize input by stripping both `\r` and `\n` characters in configuration scripts.
- Validate APT sources to restrict repository paths to trusted directories.
Discovery & Disclosure:
- Discovered: March 13, 2026
- Researcher: Çağrı Eser (0xc4gr1)
- Vulnerability Classes: CWE-285, CWE-93, CWE-426
The incident underscores the risks of misconfigured defaults, inadequate input validation, and improper privilege enforcement in system design. Organizations using Pardus Linux should audit systems and apply patches immediately to prevent exploitation.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2026
750
JANUARY 2026
750
DECEMBER 2025
750
NOVEMBER 2025
750
OCTOBER 2025
750
SEPTEMBER 2025
750
AUGUST 2025
750
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Pardus ??
What was Pardus's A.I Rankiteo Cyber Score in June 2026 ??
What was Pardus's A.I Rankiteo Cyber Score in May 2026 ??
What was Pardus's A.I Rankiteo Cyber Score in April 2026 ??
What was Pardus's A.I Rankiteo Cyber Score in March 2026 ??
What was Pardus's A.I Rankiteo Cyber Score in February 2026 ??
What was Pardus's A.I Rankiteo Cyber Score in January 2026 ??
What was Pardus's A.I Rankiteo Cyber Score in December 2025 ??
What was Pardus's A.I Rankiteo Cyber Score in November 2025 ??
What was Pardus's A.I Rankiteo Cyber Score in October 2025 ??
What was Pardus's A.I Rankiteo Cyber Score in September 2025 ??
What was Pardus's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Pardus's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Pardus ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Pardus's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?