๐Ÿ” CVE Alert

CVE-2026-44596

MEDIUM 6.5

Yamcs: No Rate Limiting on Authentication Endpoint

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th

Yamcs is a mission control framework. Prior to 5.12.7, the authentication endpoint POST /auth/token in yamcs-core, handled by yamcs-core/src/main/java/org/yamcs/http/auth/AuthHandler.java, lacked any rate limiting, account lockout, or failed-attempt throttling, so an unauthenticated remote attacker could perform unlimited password-guessing attempts against any user account, significantly increasing the risk of successful brute-force attacks. This issue is fixed in versions 5.12.7 and 5.13.0.

CWE CWE-307
Vendor yamcs
Product yamcs
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for yamcs yamcs

Be the first to know when new medium vulnerabilities affecting yamcs yamcs are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Affected Versions

yamcs / yamcs
< 5.12.7

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/yamcs/yamcs/security/advisories/GHSA-w5r6-mcgq-7pq4 github.com: https://github.com/yamcs/yamcs/commit/309218c651680f79df11a8d0f8628f7033f98a83 github.com: https://github.com/yamcs/yamcs/commit/64392df531fbcbc65f19ee5724c4c23d289f49fc github.com: https://github.com/yamcs/yamcs/releases/tag/yamcs-5.12.7 github.com: https://github.com/yamcs/yamcs/releases/tag/yamcs-5.13.0