CVE-2026-42568

MEDIUM NVD

CVSS Score 4.3

Severity MEDIUM

Published Jun 10, 2026

Vendor unknown

Description

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13.0 and 5.12.7 patch the issue.

References

https://github.com/yamcs/yamcs/releases/tag/yamcs-5.12.7
https://github.com/yamcs/yamcs/releases/tag/yamcs-5.13.0
https://github.com/yamcs/yamcs/security/advisories/GHSA-cqh3-jg8p-336j