Product
Yamcs is vulnerable to authenticated remote code execution (CVE-2026-46621) where an authenticated user with the ChangeMissionDatabase privilege can inject malicious Jython code into existing Python algorithms, leading to arbitrary command execution on the underlying host operating system.