Daniel Miranda Barcelona (Excal1bur) - Security Researcher

CVE-2026-42568 EXPLOITDB MEDIUM python WORKING POC

YAMCS yamcs-core 5.12.7 - LDAP Injection

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13.0 and 5.12.7 patch the issue.

CVSS 4.3

View Code

CVE-2026-44596 EXPLOITDB bash WORKING POC

YAMCS yamcs-core 5.12.7 - No Rate Limiting

View Code

CVE-2026-44595 EXPLOITDB python WORKING POC

YAMCS yamcs-core 5.12.7 - User Enumeration

View Code