CVE-2026-42568
MediumCVSS 4.3Exploitation Probability (EPSS)
Elevated risk75th percentile — higher than 75% of all known CVEs
Summary
In the Yamcs framework, prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in the `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping.
Risk Assessment
This vulnerability may allow attackers to manipulate LDAP queries, potentially leading to unauthorized access to data. Organizations should be aware of the risks associated with improper input handling.
Recommendation
It is recommended to upgrade to versions 5.13.0 or 5.12.7 to mitigate this vulnerability. Additionally, an audit of existing LDAP filters should be conducted to ensure their security.
Original NVD description (English source)
Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13.0 and 5.12.7 patch the issue.

