HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

LDAP Injection Allows Auth Bypass in YAMCS yamcs‑core 5.12.7 (CVE‑2026‑42568)

A LDAP injection flaw in YAMCS yamcs‑core ≤ 5.12.7 lets attackers craft usernames that turn the LDAP filter into a universal match, bypassing authentication and issuing valid JWT tokens. Organizations using YAMCS for spacecraft telemetry should upgrade immediately.

LiveThreat™ Intelligence · 📅 June 02, 2026· 📰 exploit-db.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
3 recommended
📰
Source
exploit-db.com

LDAP Injection Allows Auth Bypass in YAMCS yamcs‑core 5.12.7 (CVE‑2026‑42568)

What Happened — A flaw in YAMCS yamcs‑core ≤ 5.12.7’s LdapAuthModule fails to escape the LDAP filter string, enabling an attacker to inject arbitrary LDAP queries. By supplying a crafted username (e.g., )(uid=))(|(uid=*), the filter becomes a universal match, granting unauthenticated access and a valid JWT token.

Why It Matters for TPRM

  • Authentication bypass can expose mission‑critical telemetry and command data.
  • Exploitation may lead to lateral movement within downstream services that rely on YAMCS for identity.
  • Third‑party SaaS platforms that embed YAMCS become a direct attack surface.

Who Is Affected — Aerospace & defense contractors, satellite operators, research labs, and any organization using YAMCS as a telemetry/command system (TECH_SAAS / API_PROVIDER).

Recommended Actions

  • Verify YAMCS version; upgrade to 5.12.7 or later.
  • Review LDAP configuration; enforce RFC 4515 escaping or switch to alternative auth modules.
  • Conduct penetration testing of LDAP‑bound endpoints and monitor for anomalous token issuance.

Technical Notes — The vulnerability (CVE‑2026‑42568) is a Remote Auth Bypass via LDAP injection. No CVE‑based patch existed before the advisory; the fix is to upgrade the core library. Exploited by sending a POST to /auth/token with malicious username. Affected data includes authentication tokens and any data accessible to the compromised account. Source: https://www.exploit-db.com/exploits/52603

📰 Original Source
https://www.exploit-db.com/exploits/52603

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Access is where most audits get tested.

Verisq AI Trust Operations maps incidents like this to your access controls and collects the evidence continuously, keeping your SOC 2 posture defensible.

See where you'd stand with Verisq AI Trust Operations →