CVE-2026-42568
- Source
- https://cve.org/CVERecord?id=CVE-2026-42568
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-42568.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-42568
- Aliases
- Published
- 2026-06-10T22:15:52.087Z
- Modified
- 2026-06-18T03:56:11.675460908Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Yamcs Vulnerable to LDAP Injection in LdapAuthModule
- Details
-
Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in
org.yamcs.security.LdapAuthModulewhen constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13.0 and 5.12.7 patch the issue. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42568.json", "cwe_ids": [ "CWE-90" ], "cna_assigner": "GitHub_M" }- References
-
- https://github.com/yamcs/yamcs/releases/tag/yamcs-5.12.7
- https://github.com/yamcs/yamcs/releases/tag/yamcs-5.13.0
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42568.json
- https://github.com/yamcs/yamcs/security/advisories/GHSA-cqh3-jg8p-336j
- https://nvd.nist.gov/vuln/detail/CVE-2026-42568
Affected packages
Git / github.com/yamcs/yamcs
Affected versions
Other
before-removing-cfdp-half-implemented-features
v0.*
v0.26.0
v0.26.1
v0.28.0
v0.28.0-20150811
v0.28.0-20150817
v0.28.0-20150820
v0.28.0-20150824
v0.28.0-20150825
v0.28.0-20150826
v0.28.0-20150827
v0.28.0-20150828
v0.28.0-20150901
v0.28.0-20150902
v0.28.0-20150902-2
v0.28.0-20150903
v0.29.0
v0.29.1
v0.29.1-20151214
v0.29.1-20160119
v0.29.1-20160127
v0.29.3
v0.29.3-20160608
v0.29.4
yamcs-0.*
yamcs-0.30.0
yamcs-3.*
yamcs-3.0.0
yamcs-3.1.0
yamcs-3.1.1
yamcs-3.1.2
yamcs-3.2.0
yamcs-3.2.1
yamcs-3.2.2
yamcs-3.3.0
yamcs-3.4.0
yamcs-4.*
yamcs-4.0.1
yamcs-4.1.1
yamcs-4.1.2
yamcs-4.10.0
yamcs-4.10.1
yamcs-4.10.2
yamcs-4.10.3
yamcs-4.10.4
yamcs-4.10.5
yamcs-4.10.6
yamcs-4.10.7
yamcs-4.10.8
yamcs-4.10.9
yamcs-4.2.0
yamcs-4.2.1
yamcs-4.2.2
yamcs-4.3.0
yamcs-4.3.1
yamcs-4.4.0
yamcs-4.4.1
yamcs-4.4.2
yamcs-4.7
yamcs-4.7.1
yamcs-4.7.2
yamcs-4.7.3
yamcs-4.8.0
yamcs-4.8.1
yamcs-4.9.0
yamcs-4.9.1
yamcs-4.9.2
yamcs-4.9.3
yamcs-4.9.4
yamcs-4.9.5
yamcs-5.*
yamcs-5.0.0
yamcs-5.0.1
yamcs-5.1.0
yamcs-5.1.1
yamcs-5.1.2
yamcs-5.1.3
yamcs-5.10.0
yamcs-5.10.1
yamcs-5.10.2
yamcs-5.10.3
yamcs-5.10.4
yamcs-5.10.5
yamcs-5.10.6
yamcs-5.10.7
yamcs-5.10.8
yamcs-5.10.9
yamcs-5.11.0
yamcs-5.11.1
yamcs-5.11.2
yamcs-5.11.3
yamcs-5.11.4
yamcs-5.11.5
yamcs-5.11.6
yamcs-5.11.7
yamcs-5.12.0
yamcs-5.12.1
yamcs-5.12.2
yamcs-5.12.3
yamcs-5.12.4
yamcs-5.12.5
yamcs-5.12.6
yamcs-5.2.0
yamcs-5.3.0
yamcs-5.3.1
yamcs-5.3.2
yamcs-5.3.3
yamcs-5.3.4
yamcs-5.3.5
yamcs-5.4.0
yamcs-5.4.1
yamcs-5.4.2
yamcs-5.4.3
yamcs-5.5.0
yamcs-5.5.1
yamcs-5.5.2
yamcs-5.5.3
yamcs-5.5.4
yamcs-5.5.5
yamcs-5.5.6
yamcs-5.5.7
yamcs-5.6.0
yamcs-5.6.1
yamcs-5.6.2
yamcs-5.7.0
yamcs-5.7.1
yamcs-5.7.10
yamcs-5.7.2
yamcs-5.7.3
yamcs-5.7.4
yamcs-5.7.5
yamcs-5.7.6
yamcs-5.7.7
yamcs-5.7.8
yamcs-5.7.9
yamcs-5.8.0
yamcs-5.8.1
yamcs-5.8.2
yamcs-5.8.3
yamcs-5.8.4
yamcs-5.8.5
yamcs-5.8.6
yamcs-5.8.7
yamcs-5.8.8
yamcs-5.9.0
yamcs-5.9.1
yamcs-5.9.2
yamcs-5.9.3
yamcs-5.9.4
yamcs-5.9.5
yamcs-5.9.6
yamcs-5.9.7
yamcs-5.9.8