PT-2026-43444 · Maven+1 · Org.Yamcs:Yamcs-Core+1

Published 2026-05-26 · Updated 2026-06-10 · CVE-2026-42568

CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Yamcs versions prior to 5.12.7
Yamcs versions prior to 5.13.0

Description

An LDAP injection occurs in org.yamcs.security.LdapAuthModule during the construction of search filters. The username parameter is inserted directly into the LDAP filter without RFC 4515 escaping, the standard encoding for search-filter values that prevents special characters from altering the query logic. As a result, LDAP filter metacharacters such as *, (, and ) in the username are processed without sanitization. An attacker with a known valid password can supply a value such as username=* to authenticate as the first user returned by the LDAP search, potentially leading to horizontal privilege escalation. This issue affects deployments that enable org.yamcs.security.LdapAuthModule in the etc/security.yaml configuration file.

Recommendations

Update to version 5.12.7.
Update to version 5.13.0.
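To illustrate the bug class and the fix described above, here is an added example (not code from the Yamcs project, which is written in Java): an RFC 4515 escaper, the flawed and corrected filter builders side by side, and a guard that reports any unescaped metacharacter left in a value. The (uid={}) filter template is an assumption; the template LdapAuthModule actually uses is not given in the advisory.

```python
"""RFC 4515 escaping for LDAP filter values (added example, not Yamcs code)."""

# Characters RFC 4515 requires to be escaped inside an assertion value.
_RFC4515_ESCAPES = {"*": r"\2a", "(": r"\28", ")": r"\29", "\\": r"\5c", "\x00": r"\00"}

# Hypothetical filter template; the one LdapAuthModule uses is not in the advisory.
FILTER_TEMPLATE = "(uid={})"

def escape_filter_value(value: str) -> str:
    """Escape a value so it can only match literally inside a search filter.
    Non-ASCII characters become the backslash-hex form of their UTF-8 bytes."""
    out = []
    for ch in value:
        if ch in _RFC4515_ESCAPES:
            out.append(_RFC4515_ESCAPES[ch])
        elif ord(ch) > 0x7F:
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)

def build_filter_vulnerable(username: str) -> str:
    """The flawed pattern: the username is inserted into the filter as-is."""
    return FILTER_TEMPLATE.format(username)

def build_filter_fixed(username: str) -> str:
    """The corrected pattern: the value is escaped before insertion."""
    return FILTER_TEMPLATE.format(escape_filter_value(username))

def has_unescaped_metachars(value: str) -> bool:
    """True if a value still holds a character that could alter filter structure.
    A backslash plus two hex digits is an escape; anything else is reported."""
    i = 0
    while i < len(value):
        ch = value[i]
        if ch == "\\":
            pair = value[i + 1:i + 3]
            if len(pair) != 2 or not all(c in "0123456789abcdefABCDEF" for c in pair):
                return True
            i += 3
            continue
        if ch in "*()\x00":
            return True
        i += 1
    return False

if __name__ == "__main__":
    for name in ("alice", "*", "a)(b"):
        print(build_filter_vulnerable(name), "->", build_filter_fixed(name))
```

With the escaped form, a username of * yields the filter (uid=\2a), which matches only a literal asterisk rather than every entry.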

Related Identifiers

CVE-2026-42568
GHSA-CQH3-JG8P-336J

Affected Products

Org.Yamcs:Yamcs-Core
Yamcs