CVE-2023-45277

HIGH

Yamcs 5.8.6 - Path Traversal in Storage API

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-45277. PoCs published by shoucheng3.

AI-analyzed exploit summary The repository appears to be a fork or clone of the Yamcs project with no specific exploit code or technical details related to CVE-2023-45277. It contains standard project files (CI workflows, documentation, build scripts) but lacks any PoC, exploit, or analysis for the CVE.

Description

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.

Exploits (1)

nomisec STUB

by shoucheng3 · poc

https://github.com/shoucheng3/yamcs__yamcs_CVE-2023-45277_5-8-6

View Code ZIP pw:eip

The repository appears to be a fork or clone of the Yamcs project with no specific exploit code or technical details related to CVE-2023-45277. It contains standard project files (CI workflows, documentation, build scripts) but lacks any PoC, exploit, or analysis for the CVE.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Yamcs Mission Control

No auth needed

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Patch

https://github.com/yamcs/yamcs/compare/yamcs-5.8.6...yamcs-5.8.7

Exploit, Third Party Advisory

https://www.linkedin.com/pulse/yamcs-vulnerability-assessment-visionspace-technologies

Scores

CVSS v3 7.5

EPSS 0.0128

EPSS Percentile 80.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (2)

org.yamcs/yamcs 0 - 5.8.7Maven

spaceapplications/yamcs 5.8.6

Published Oct 19, 2023

Tracked Since Feb 18, 2026