HomeIntelligenceBrief
VULNERABILITY BRIEF🟡 Medium Vulnerability

YAMCS yamcs-core 5.12.7 Vulnerability Allows Unlimited Brute‑Force Login Attempts

A missing rate‑limiting control in YAMCS yamcs‑core versions prior to 5.12.7 enables unlimited unauthenticated login attempts on the /auth/token endpoint, exposing aerospace and satellite operators to credential‑brute‑force attacks. Third‑party risk managers should confirm remediation and tighten authentication monitoring.

LiveThreat™ Intelligence · 📅 June 02, 2026· 📰 exploit-db.com
🟡
Severity
Medium
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
4 recommended
📰
Source
exploit-db.com

YAMCS yamcs-core 5.12.7 Vulnerability Allows Unlimited Brute‑Force Login Attempts

What Happened — The YAMCS yamcs‑core server (versions < 5.12.7) does not enforce rate‑limiting or lockout on the /auth/token endpoint. An attacker can send unlimited credential‑guessing requests and receive a 401 response for each failed attempt, enabling practical brute‑force attacks.

Why It Matters for TPRM

  • Credential‑brute‑force against a telemetry/control‑system API can lead to full system compromise.
  • Absence of basic rate‑limiting indicates weak security hygiene in a third‑party SaaS provider.
  • Down‑stream customers may inherit the risk without realizing the vendor’s control gaps.

Who Is Affected — Aerospace, satellite, defense, and scientific‑research organisations that integrate YAMCS for mission‑control or telemetry data; the vendor is an API‑provider SaaS platform.

Recommended Actions — Verify that the provider has upgraded to yamcs‑core ≥ 5.12.7, test the /auth/token endpoint for rate‑limiting, enforce MFA for privileged accounts, and add monitoring for repeated failed login attempts.

Technical Notes — Attack vector: unauthenticated HTTP POST to /auth/token; CVE‑2026‑44596, CWE‑307 (Improper Restriction of Excessive Authentication Attempts); CVSS 5.3 (Medium). Fix: upgrade to yamcs‑core 5.12.7 or later. Source: Exploit‑DB 52605

📰 Original Source
https://www.exploit-db.com/exploits/52605

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Access is where most audits get tested.

Verisq AI Trust Operations maps incidents like this to your access controls and collects the evidence continuously, keeping your SOC 2 posture defensible.

See where you'd stand with Verisq AI Trust Operations →