Description
Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13.0 and 5.12.7 patch the issue.
Published: 2026-06-10
Score: 4.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Yamcs includes an LDAP authentication module that builds LDAP search filters by directly inserting a user supplied username without RFC 4515 escaping. This omission allows an attacker to inject LDAP control characters into the filter string, potentially altering the query to return unexpected results or bypass authentication. The vulnerability is categorized as CWE‑90. While the issue does not grant immediate remote code execution, it can lead to unauthorized access or disclosure of directory contents, thereby compromising confidentiality and integrity of the mission control environment.

Affected Systems

The vulnerability exists in any Yamcs installation using a version older than 5.12.7 or 5.13.0. All releases prior to those patched releases are affected. The affected product is the Yamcs mission control framework from the vendor Yamcs.

Risk and Exploitability

The CVSS score of 4.3 reflects the moderate risk of this flaw; it does not enable remote code execution but can be leveraged by an attacker who can influence the authentication request. No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves network or local access to the authentication service where a crafted username can be supplied to the LDAP query. Exploitation requires the ability to send authentication requests to the affected module.

Generated by OpenCVE AI on June 10, 2026 at 23:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Yamcs to version 5.12.7 or 5.13.0 or later, which includes a fix that properly escapes user input in LDAP filters.
  • If an upgrade cannot be performed immediately, restrict network access to the LDAP authentication endpoint to only trusted internal systems and monitor for anomalous authentication attempts.
  • Implement or enforce input validation that ensures usernames are sanitized or encoded according to RFC 4515 prior to constructing LDAP queries, thereby mitigating injection risk until a vendor patch is applied.

Generated by OpenCVE AI on June 10, 2026 at 23:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-cqh3-jg8p-336j Yamcs Vulnerable to LDAP Injection in LdapAuthModule
History

Wed, 10 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13.0 and 5.12.7 patch the issue.
Title Yamcs Vulnerable to LDAP Injection in LdapAuthModule
Weaknesses CWE-90
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-10T22:15:52.087Z

Reserved: 2026-04-28T17:26:12.084Z

Link: CVE-2026-42568

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-10T23:16:46.550

Modified: 2026-06-10T23:16:46.550

Link: CVE-2026-42568

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T23:30:44Z

Weaknesses