CVE-2026-44596
Awaiting Analysis Awaiting Analysis - Queue

Authentication Bypass in Yamcs via Brute Force

Vulnerability report for CVE-2026-44596, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: GitHub, Inc.

Description

Yamcs is a mission control framework. Prior to 5.12.7, the authentication endpoint POST /auth/token in yamcs-core, handled by yamcs-core/src/main/java/org/yamcs/http/auth/AuthHandler.java, lacked any rate limiting, account lockout, or failed-attempt throttling, so an unauthenticated remote attacker could perform unlimited password-guessing attempts against any user account, significantly increasing the risk of successful brute-force attacks. This issue is fixed in versions 5.12.7 and 5.13.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 6 associated CPEs
Vendor Product Version / Range
yamcs yamcs-core 5.12.7
yamcs yamcs-core 5.13.0
yamcs yamcs-core to 5.12.7 (exc)
yamcs yamcs-core to 5.13.0 (exc)
yamcs yamcs to 5.12.7 (exc)
yamcs yamcs From 5.13.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-307 The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-44596 is a vulnerability in Yamcs, a mission control framework, affecting versions prior to 5.12.7 and 5.13.0. The authentication endpoint POST /auth/token lacked rate limiting, account lockout, or failed-attempt throttling, allowing unauthenticated remote attackers to perform unlimited password-guessing attempts against any user account. This significantly increases the risk of successful brute-force attacks.

Detection Guidance

To detect this vulnerability, monitor the POST /auth/token endpoint for unusually high request rates from a single IP address. Check for repeated 429 Too Many Requests responses or failed login attempts. Use tools like curl to test the endpoint: curl -X POST http://<yamcs-server>/auth/token -d '{"username":"test","password":"test"}' to observe response times and status codes.

Impact Analysis

An attacker could exploit this vulnerability to repeatedly attempt guessing passwords for any user account without restrictions. This could lead to unauthorized access if weak or common passwords are used. The lack of rate limiting means attackers can automate and execute a high volume of attempts quickly, increasing the likelihood of a successful breach.

Compliance Impact

This vulnerability could potentially violate compliance with GDPR and HIPAA due to insufficient authentication security controls. GDPR requires appropriate technical measures to ensure data protection, including protection against brute-force attacks that could lead to unauthorized access. HIPAA mandates safeguards to protect electronic protected health information, which could be compromised through successful brute-force attacks on authentication endpoints.

Mitigation Strategies

Upgrade Yamcs to version 5.12.7 or 5.13.0 or later. Configure the new rate-limiting option maxAuthRequestsPerSecond (default 5) in the Yamcs server settings. Monitor logs for 429 responses and failed login attempts to identify brute-force attacks.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44596. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart