Back to CVE List

CVE-2026-42568

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
4.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Vulnerability Description

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13.0 and 5.12.7 patch the issue.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-90
Source
GitHub
Vendor
maven
Product
org.yamcs:yamcs-core

External References

Discussion (0)

Add Comment

No comments yet. Be the first!