CVE-2026-42568

CVE-2026-42568 affects YAMCS when LdapAuthModule is configured. The root cause is that the username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, enabling an authentication bypass (e.g., username=*) and potentially granting access to tokens for first matching ...

Yamcs security vulnerabilities

Yamcs is an open-source software framework developed by Yamcs. It is used for commanding and controlling spacecraft, satellites, payloads, ground stations, and ground equipment. YAMCS has a security vulnerability that stems from the lack of rate limits...

GHSA-2G95-6X5Q-XJWJ Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection

Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticat...

Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection

Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticat...

Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm override

Remote Code Execution via Mission Database algorithm override Summary The Nashorn ScriptEngine used to evaluate user-supplied algorithm text in MdbOverrideApi.updateAlgorithm is constructed without a ClassFilter, allowing a user with the ChangeMissionDatabase privilege to execute arbitrary Java...

GHSA-524G-X36V-9WM6 Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engine in `JavaExprAlgorithmExecutionFactory`

Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory. The application dynamically compiles and evaluates user-controlled algorithm text without enforcing a secure sandbox. An authenticated user wi...

CVE-2023-45279

Yamcs 5.8.6 allows XSS issue 1 of 2. It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from...

EUVD-2023-49583

Malicious code in bioql PyPI...

EUVD-2023-51438

Malicious code in bioql PyPI...

CVE-2023-47311

An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcommands in a Command Stack via Clickjacking...

CVE-2023-45281

An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file...

CVE-2023-45277

Yamcs 5.8.6 is vulnerable to directory traversal issue 1 of 2. The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files...

CVE-2023-46471

Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer...

CVE-2023-45277

Yamcs 5.8.6 is vulnerable to directory traversal issue 1 of 2. The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files...

Yamcs Path Traversal Vulnerability

Yamcs is an open source software framework from Yamcs Open Source. It is used to command and control spacecraft, satellites, payloads, ground stations and ground equipment. A security vulnerability exists in Yamcs version 5.8.6, which stems from a directory traversal vulnerability in the API...