CVE-2026-1816— OTP Bypass in TEİAŞ's Mobile Application

CVSS 6.3 · Medium EPSS 0.04% · P11 Updated May 22, 2026

Possible ATT&CK Techniques 2AI

T1110.003 · Password Spraying T1110 · Brute Force

Affected Version Matrix 1

Vendor	Product	Version Range	Status
Turkiye Electricity Transmission Corporation (TEİAŞ)	Mobile Application	`1.6.2< 1.13`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-1816

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

OTP Bypass in TEİAŞ's Mobile Application

Source: NVD (National Vulnerability Database)

Vulnerability Description

Improper restriction of excessive authentication attempts vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Brute Force. This issue affects Mobile Application: from 1.6.2 before 1.13.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

过多认证尝试的限制不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

TEİAŞ Mobile Application 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

TEİAŞ Mobile Application是土耳其TEİAŞ公司的一个提供电力传输运营信息查询与业务服务的移动应用程序。 TEİAŞ Mobile Application 1.6.2至1.13之前版本存在安全漏洞，该漏洞源于对过多身份验证尝试的限制不当，可能导致暴力攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Turkiye Electricity Transmission Corporation (TEİAŞ)	Mobile Application	1.6.2 ~ 1.13	-

II. Public POCs for CVE-2026-1816

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-1816

请登录查看更多情报信息。

Vendor Advisories for CVE-2026-1816 (1)

T.C. Siber Güvenlik Başkanlığı - Güvenlik Bildirimleri Detaygovernment-resource

https://nvd.nist.gov/vuln/detail/CVE-2026-1816

IV. Related Vulnerabilities

Same product: Mobile Application

Same vendor: Turkiye Electricity Transmission Corporation (TEİAŞ)

CVE-2026-1815
Session Hijacking in TEİAŞ's Mobile Application

Same weakness: CWE-307

V. Comments for CVE-2026-1816

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-1816— OTP Bypass in TEİAŞ's Mobile Application

Possible ATT&CK Techniques 2AI

Affected Version Matrix 1

I. Basic Information for CVE-2026-1816

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-1816

III. Intelligence Information for CVE-2026-1816

Vendor Advisories for CVE-2026-1816 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-1816

Leave a comment