CVE Catalog

CVE-2026-42568

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.82%

75th percentile — higher than 75% of all known CVEs

Summary

In the Yamcs framework, prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in the `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping.

Risk Assessment

This vulnerability may allow attackers to manipulate LDAP queries, potentially leading to unauthorized access to data. Organizations should be aware of the risks associated with improper input handling.

Recommendation

It is recommended to upgrade to versions 5.13.0 or 5.12.7 to mitigate this vulnerability. Additionally, an audit of existing LDAP filters should be conducted to ensure their security.

Original NVD description (English source)

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13.0 and 5.12.7 patch the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS