Description
An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application's resources.
Published: 2026-04-06
Score: n/a
EPSS: n/a
KEV: No
Impact: Unauthorized application access via login bypass
Action: Immediate Patch
AI Analysis

Impact

A flaw in the login logic of the Kaleris Yard Management System (YMS) version 7.2.2.1 allows malicious users to bypass authentication checks and gain access to the application’s protected resources without providing valid credentials. The impact is the potential acquisition of confidential data, manipulation of yard operations, or execution of further actions that require authenticated access.

Affected Systems

This vulnerability affects the Kaleris Yard Management System, specifically release 7.2.2.1. The system is used by organizations to manage yard operations and inventory, and the error is present in the core authentication module provided by the vendor.

Risk and Exploitability

No CVSS score, EPSS evaluation, or KEV tagging is available for this vulnerability, making the precise severity difficult to quantify. However, the ability to log in without credentials implies a high impact on confidentiality, integrity, and availability of the system. The likely attack vector is a remote web interface where an attacker can submit crafted requests to the login endpoint, enabling exploitation over the network without requiring local privileges. Given the critical nature of authentication bypasses, the risk level should be treated as high until a patch or effective workaround is applied.

Generated by OpenCVE AI on April 6, 2026 at 17:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued security update for Kaleris YMS v7.2.2.1 as soon as it becomes available.
  • If a patch is not immediately available, isolate the YMS from external networks and restrict access to trusted personnel only, ensuring the login page is only reachable from internal IP ranges.
  • Audit the authentication mechanism to confirm that credential validation is enforced, and consider implementing two‑factor authentication to mitigate potential residual risks.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Authentication Bypass in Kaleris YMS v7.2.2.1 |
| First Time appeared | | Kaleris; Kaleris yms |
| Weaknesses | | CWE-287 |
| Vendors & Products | | Kaleris; Kaleris yms |

Mon, 06 Apr 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application's resources. |
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T14:34:03.724Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31151

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-06T15:17:09.553

Modified: 2026-04-06T15:17:09.553

Link: CVE-2026-31151

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:47:48Z

Weaknesses