CVE-2026-42088
Awaiting Analysis Awaiting Analysis - Queue
Privilege Escalation in OpenC3 COSMOS via Script Runner

Publication date: 2026-05-04

Last updated on: 2026-05-07

Assigner: GitHub, Inc.

Description
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the docker containers share a network, users can execute specially crafted scripts to bypass the API permissions check and perform administrative actions, including reading and modifying data inside the Redis database, which can be used to read secrets and change COSMOS settings, as well as read and write to the buckets service, which holds configuration, log, and plugin files. These actions are normally only available from the Admin Console or with administrative privileges. Any user with permission to create and run scripts can connect to any service in the docker network. This issue has been patched in version 7.0.0-rc3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-04
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-14
NVD
CVE-2026-42088
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openc3 cosmos to 7.0.0-rc3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-250 The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in OpenC3 COSMOS versions prior to 7.0.0-rc3, specifically in the Script Runner widget. It allows users who have permission to create and run scripts to execute specially crafted Python or Ruby scripts within the openc3-COSMOS-script-runner-api container. Because all docker containers share a network, these scripts can bypass API permission checks and perform administrative actions.

These administrative actions include reading and modifying data inside the Redis database, which can expose secrets and allow changes to COSMOS settings. Additionally, the scripts can read and write to the buckets service, which contains configuration, log, and plugin files. Normally, these actions require administrative privileges or access through the Admin Console.

Impact Analysis

The vulnerability can have a significant impact by allowing unauthorized users with script execution permissions to escalate their privileges and perform administrative actions. This includes accessing sensitive data such as secrets stored in the Redis database, modifying system settings, and altering configuration, log, and plugin files.

Such unauthorized access and modifications can compromise the integrity and confidentiality of the system, potentially leading to data breaches, system misconfigurations, and disruption of normal operations.

Mitigation Strategies

To mitigate this vulnerability, upgrade OpenC3 COSMOS to version 7.0.0-rc3 or later, where the issue has been patched.

Additionally, restrict permissions to create and run scripts to trusted users only, as any user with such permissions can exploit this vulnerability.

Compliance Impact

This vulnerability allows users with script execution permissions to bypass API permission checks and perform administrative actions, including reading secrets and modifying configuration and log files. Such unauthorized access and potential data exposure could lead to violations of data protection standards and regulations that require strict access controls and data confidentiality, such as GDPR and HIPAA.

Specifically, the ability to read and modify sensitive data and configuration settings without proper authorization increases the risk of data breaches and unauthorized data processing, which are critical compliance concerns under these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42088. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart