Vendor
medium
advisory
yamcs-core Authentication Endpoint Brute-Force Vulnerability (CVE-2026-44596)
1 rule 1 TTPA public exploit has been published for CVE-2026-44596, a vulnerability in yamcs-core where the /auth/token authentication endpoint lacks rate limiting, allowing unauthenticated remote attackers to perform unlimited password guessing attempts against any user account, fixed in version 5.12.7.
yamcs-core
cve
authentication
brute-force
1r
1t
critical
threat
Yamcs Authenticated Remote Code Execution via Jython Algorithm Code Injection
2 rules 1 TTP 1 IOCYamcs is vulnerable to authenticated remote code execution (CVE-2026-46621) where an authenticated user with the ChangeMissionDatabase privilege can inject malicious Jython code into existing Python algorithms, leading to arbitrary command execution on the underlying host operating system.
yamcs-core
rce
code-injection
yamcs
2r
1t
1i