Description
An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application's resources.
Published: 2026-04-06
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows an attacker to bypass the login process, granting unauthorized access to the application’s resources without needing valid credentials. This is a direct authentication bypass, classified under CWE‑288. The impact is loss of confidentiality and integrity of all data accessible through the system, as any authenticated function becomes available to an unauthenticated user.

Affected Systems

The affected product is Kaleris Yard Management System version 7.2.2.1. No other vendor or product variants are listed as impacted.

Risk and Exploitability

The CVSS score of 9.8 indicates critical severity. The EPSS score of less than 1% indicates a low estimated probability of exploitation in the near term, though the vulnerability remains easily exploitable without any complex prerequisites. Attackers likely target the exposed web login endpoint from external networks, as the bypass occurs during the authentication stage. The vulnerability is not listed in the CISA KEV catalog, but its high score warrants immediate attention.

Generated by OpenCVE AI on April 10, 2026 at 19:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch or upgrade to a version that fixes the login bypass
  • Verify that the login interface no longer accepts forged requests
  • Monitor authentication logs for suspicious activity and enforce strict access controls

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Kaleris Yard Management System Login

Fri, 10 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Kaleris yard Management Solutions
CPEs cpe:2.3:a:kaleris:yard_management_solutions:7.2.2.1:*:*:*:*:*:*:*
Vendors & Products Kaleris yard Management Solutions

Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Kaleris Yard Management System Login

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Kaleris YMS v7.2.2.1
Weaknesses CWE-287

Tue, 07 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-288
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Kaleris YMS v7.2.2.1
First Time appeared Kaleris
Kaleris yms
Weaknesses CWE-287
Vendors & Products Kaleris
Kaleris yms

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application's resources.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-07T13:48:27.943Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31151

Vulnrichment

Updated: 2026-04-07T13:47:43.413Z

NVD

Status: Analyzed

Published: 2026-04-06T15:17:09.553

Modified: 2026-04-10T18:02:47.380

Link: CVE-2026-31151

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T14:27:49Z

Weaknesses