org.yamcs:yamcs-core
Maven6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.yamcs:yamcs-corepage 1 of 1
- CVE-2026-42568MEDIUMCVSS 4.3EG 4.3✓ Fixed in 5.12.72026-05-26
vulnerable: 0.29.3 ... 5.9.9 (165 versions)
Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the…
- CVE-2026-44595MEDIUMCVSS 4.3EG 4.3✓ Fixed in 5.12.72026-05-27
vulnerable: 0.29.3 ... 5.9.9 (165 versions)
Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints ### Summary The IAM API endpoints (`listUsers`, `getUser`, `listGroups`, and `getGroup`) in `yamcs-core` do not enforce the required `SystemPrivilege.ControlAccess` …
- CVE-2026-44596MEDIUMCVSS 6.5EG 6.5✓ Fixed in 5.12.72026-05-27
vulnerable: 0.29.3 ... 5.9.9 (165 versions)
Yamcs has No Rate Limiting on Authentication Endpoint ### Summary The authentication endpoint `POST /auth/token` in `yamcs-core` lacks any form of rate limiting, account lockout, or failed attempt throttling. As a result, an unauthentica…
- CVE-2026-44632CRITICALCVSS 9.1EG 9.1✓ Fixed in 5.12.72026-05-27
vulnerable: 0.29.3 ... 5.9.9 (165 versions)
Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory` ### Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine (`org.yamcs.al…
- CVE-2026-46562CRITICALCVSS 9.8EG 9.8✓ Fixed in 5.12.72026-05-27
vulnerable: 0.29.3 ... 5.9.9 (165 versions)
Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override # Remote Code Execution via Mission Database algorithm override ## Summary The Nashorn `ScriptEngine` used to evaluate user-supplied algorithm text in `Md…
- CVE-2026-46621CRITICALCVSS 9.1EG 9.1✓ Fixed in 5.12.72026-05-27
vulnerable: 0.29.3 ... 5.9.9 (165 versions)
Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection ### Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application d…
Check whether org.yamcs:yamcs-core is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.yamcs:yamcs-core CVEs against the assets you own.
Start Free Scan →