CVE-2026-44595
Awaiting Analysis Awaiting Analysis - Queue

Information Disclosure in Yamcs IAM API

Vulnerability report for CVE-2026-44595, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: GitHub, Inc.

Description

Yamcs is a mission control framework. Prior to 5.12.7, the IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core did not enforce the required SystemPrivilege.ControlAccess check in yamcs-core/src/main/java/org/yamcs/http/api/IamApi.java, so any authenticated user, even one with low or no privileges, could enumerate all user accounts in the system including their usernames, superuser status, and group memberships. This issue is fixed in versions 5.12.7 and 5.13.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
yamcs yamcs-core From 5.13.0 (inc)
yamcs yamcs-core to 5.12.7 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-44595 is a vulnerability in Yamcs versions prior to 5.12.7 where IAM API endpoints listUsers, getUser, listGroups, and getGroup did not enforce required SystemPrivilege.ControlAccess checks. This allowed any authenticated user, even with low or no privileges, to enumerate all user accounts including usernames, superuser status, and group memberships.

Detection Guidance

To detect this vulnerability, check if your Yamcs instance is running a version prior to 5.12.7 or 5.13.0. Use commands like 'curl -u username:password http://<yamcs-server>/api/listUsers' to test if unauthorized user enumeration is possible. If the endpoint returns user details without proper authorization, the system is vulnerable.

Impact Analysis

This vulnerability allows attackers to identify privileged accounts and gather sensitive user information like usernames and group memberships. This could enable targeted attacks such as phishing, privilege escalation, or further exploitation of the system by knowing which accounts have higher privileges.

Compliance Impact

This vulnerability could potentially violate compliance with GDPR and HIPAA by exposing sensitive user information such as usernames, superuser status, and group memberships to unauthorized users. Unauthorized access to such data may lead to breaches of confidentiality requirements under these regulations.

Mitigation Strategies

Upgrade Yamcs to version 5.12.7 or 5.13.0 or later to apply the fix. Ensure the SystemPrivilege.ControlAccess check is enforced for listUsers, getUser, listGroups, and getGroup endpoints. Review user privileges and audit logs for any suspicious activity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44595. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart