CVE-2026-1618

Published: Feb 13, 2026Modified: Mar 2, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: iletisim@usom.gov.tr

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Universal Software Inc. FlexCity/Kiosk allows Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

Affected (1)

Products: Uni Yaz: Flexcity

Uni Yaz

1 product

Flexcity

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Uni Yaz Flexcity	From 1.0 to 1.0.36

Related CWEs

CWE-288

Authentication Bypass Using an Alternate Path or Channel

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

References (1)

https://www.usom.gov.tr/bildirim/tr-26-0065

Source: iletisim@usom.gov.tr

Third Party Advisory

Timeline

No history available yet.