{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/yamcs-core/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["yamcs-core"],"_cs_severities":["medium"],"_cs_tags":["cve","authentication","brute-force"],"_cs_type":"advisory","_cs_vendors":["Yamcs"],"content_html":"\u003cp\u003eA publicly available exploit exists for CVE-2026-44596, a medium-severity vulnerability affecting yamcs-core versions prior to 5.12.7. Discovered by Daniel Miranda Barcelona (Excal1bur), the vulnerability stems from the absence of rate limiting, account lockout mechanisms, or failed attempt throttling on the \u003ccode\u003e/auth/token\u003c/code\u003e authentication endpoint. This lack of protection enables unauthenticated remote attackers to conduct brute-force attacks against user accounts by making unlimited password guessing attempts, potentially leading to unauthorized access to the system. The vulnerability was reported in May 2026, and a fix was released in yamcs-core version 5.12.7 on May 27, 2026. Defenders should upgrade to version 5.12.7 or later to mitigate the risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a yamcs-core instance with a vulnerable version (\u0026lt;= 5.12.6).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts an HTTP POST request targeting the \u003ccode\u003e/auth/token\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe POST request includes a username and a guessed password within the request body.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the POST request to the \u003ccode\u003e/auth/token\u003c/code\u003e endpoint without any delay or limitation on the number of attempts.\u003c/li\u003e\n\u003cli\u003eThe yamcs-core server processes the authentication request without rate limiting or account lockout mechanisms.\u003c/li\u003e\n\u003cli\u003eIf the guessed password is incorrect, the server responds with an authentication failure, but does not prevent further attempts.\u003c/li\u003e\n\u003cli\u003eThe attacker repeats steps 2-6 with different password variations, automating the process to attempt a large number of password combinations.\u003c/li\u003e\n\u003cli\u003eIf a correct password is guessed, the server grants the attacker an authentication token, allowing them to access protected resources.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-44596 can allow unauthorized access to yamcs-core systems. Attackers can potentially compromise user accounts through brute-force attacks due to the lack of rate limiting on the authentication endpoint. This could lead to data breaches, system manipulation, or other malicious activities, depending on the privileges of the compromised account. Organizations using affected versions of yamcs-core are at risk until they upgrade to version 5.12.7 or later.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade yamcs-core to version 5.12.7 or later to patch CVE-2026-44596.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on the \u003ccode\u003e/auth/token\u003c/code\u003e endpoint at the application or infrastructure level, regardless of patching status (mitigation control).\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for excessive POST requests to the \u003ccode\u003e/auth/token\u003c/code\u003e endpoint, using a detection rule like \u0026quot;Detect Excessive Authentication Attempts to yamcs-core /auth/token\u0026quot;.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T14:02:06Z","date_published":"2026-05-29T14:02:06Z","id":"https://feed.craftedsignal.io/briefs/2026-05-yamcs-auth-bypass/","summary":"A public exploit has been published for CVE-2026-44596, a vulnerability in yamcs-core where the /auth/token authentication endpoint lacks rate limiting, allowing unauthenticated remote attackers to perform unlimited password guessing attempts against any user account, fixed in version 5.12.7.","title":"yamcs-core Authentication Endpoint Brute-Force Vulnerability (CVE-2026-44596)","url":"https://feed.craftedsignal.io/briefs/2026-05-yamcs-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - Yamcs-Core","version":"https://jsonfeed.org/version/1.1"}