Yamcs
Products
2- 8 CVEs
- 0 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46621 | cri | 0.59 | — | 0.00 | May 27, 2026 | ### Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython (via the JSR-223 ScriptEngine API) without enforcing a secure… | ||
| CVE-2026-46562 | cri | 0.59 | — | 0.01 | May 27, 2026 | # Remote Code Execution via Mission Database algorithm override ## Summary The Nashorn `ScriptEngine` used to evaluate user-supplied algorithm text in `MdbOverrideApi.updateAlgorithm` is constructed without a `ClassFilter`, allowing a user with the `ChangeMissionDatabase`… | ||
| CVE-2026-44632 | cri | 0.59 | — | 0.00 | May 27, 2026 | ### Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine (`org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory`). The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure… | ||
| CVE-2026-42568 | Med | 0.31 | 4.3 | 0.01 | Jun 10, 2026 | Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515… | ||
| CVE-2026-44596 | 0.03 | — | 0.00 | May 27, 2026 | ### Summary The authentication endpoint `POST /auth/token` in `yamcs-core` lacks any form of rate limiting, account lockout, or failed attempt throttling. As a result, an unauthenticated remote attacker can perform unlimited password guessing attempts against any user account. … | |||
| CVE-2026-44595 | 0.03 | — | 0.00 | May 27, 2026 | ### Summary The IAM API endpoints (`listUsers`, `getUser`, `listGroups`, and `getGroup`) in `yamcs-core` do not enforce the required `SystemPrivilege.ControlAccess` check. As a result, **any authenticated user** (even those with low or no privileges) can enumerate all user… | |||
| CVE-2023-47311 | 0.00 | — | 0.00 | Nov 20, 2023 | An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcommands in a Command Stack via Clickjacking. | |||
| CVE-2023-45281 | 0.00 | — | 0.00 | Oct 19, 2023 | An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file. |
- risk 0.59cvss —epss 0.00
### Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython (via the JSR-223 ScriptEngine API) without enforcing a secure…
- risk 0.59cvss —epss 0.01
# Remote Code Execution via Mission Database algorithm override ## Summary The Nashorn `ScriptEngine` used to evaluate user-supplied algorithm text in `MdbOverrideApi.updateAlgorithm` is constructed without a `ClassFilter`, allowing a user with the `ChangeMissionDatabase`…
- risk 0.59cvss —epss 0.00
### Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine (`org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory`). The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure…
- risk 0.31cvss 4.3epss 0.01
Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515…
- CVE-2026-44596May 27, 2026risk 0.03cvss —epss 0.00
### Summary The authentication endpoint `POST /auth/token` in `yamcs-core` lacks any form of rate limiting, account lockout, or failed attempt throttling. As a result, an unauthenticated remote attacker can perform unlimited password guessing attempts against any user account. …
- CVE-2026-44595May 27, 2026risk 0.03cvss —epss 0.00
### Summary The IAM API endpoints (`listUsers`, `getUser`, `listGroups`, and `getGroup`) in `yamcs-core` do not enforce the required `SystemPrivilege.ControlAccess` check. As a result, **any authenticated user** (even those with low or no privileges) can enumerate all user…
- CVE-2023-47311Nov 20, 2023risk 0.00cvss —epss 0.00
An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcommands in a Command Stack via Clickjacking.
- CVE-2023-45281Oct 19, 2023risk 0.00cvss —epss 0.00
An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file.