CVE-2026-42568 | THREATINT

Description

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13.0 and 5.12.7 patch the issue.

PUBLISHED Reserved 2026-04-28 | Published 2026-06-10 | Updated 2026-06-10 | Assigner GitHub_M

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Product status

< 5.12.7

affected

References

github.com/.../yamcs/security/advisories/GHSA-cqh3-jg8p-336j

github.com/yamcs/yamcs/releases/tag/yamcs-5.12.7

github.com/yamcs/yamcs/releases/tag/yamcs-5.13.0

cve.org (CVE-2026-42568)

nvd.nist.gov (CVE-2026-42568)

Download JSON