← back
CVE-2026-42568

Yamcs Vulnerable to LDAP Injection in LdapAuthModule

CVSS 4.3 MEDIUMEPSS 1.0%CWE-90
Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13.0 and 5.12.7 patch the issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
yamcs · yamcs
public PoCs found2
githubgithub.com/ex-cal1bur/CVE-2026-425680exploitdbwww.exploit-db.com/exploits/52603unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/yamcs/yamcs/releases/tag/yamcs-5.12.7https://github.com/yamcs/yamcs/releases/tag/yamcs-5.13.0https://github.com/yamcs/yamcs/security/advisories/GHSA-cqh3-jg8p-336j