CVE-2026-42568 | HackTesting

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13.0 and 5.12.7 patch the issue.

References

https://github.com/yamcs/yamcs/security/advisories/GHSA-cqh3-jg8p-336j

https://github.com/yamcs/yamcs/releases/tag/yamcs-5.12.7

https://github.com/yamcs/yamcs/releases/tag/yamcs-5.13.0