Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources.
AnalysisAI
Authentication bypass in Kaleris Yard Management System (YMS) v7.2.2.1 enables unauthenticated remote attackers to completely circumvent login verification and gain unauthorized access to application resources with full confidentiality, integrity, and availability impact. The vulnerability has a 9.8 CVSS score with network-based attack vector requiring no privileges or user interaction. Currently tracked at 2% EPSS (5th percentile) with no confirmed active exploitation (not in CISA KEV), though a public proof-of-concept repository exists on GitHub, significantly elevating exploitation risk for this critical authentication flaw.
Technical ContextAI
This vulnerability represents a CWE-288 (Authentication Bypass Using an Alternate Path or Channel) flaw in the login mechanism of Kaleris Yard Management System, an enterprise logistics platform for managing yard operations, dock scheduling, and warehouse coordination. The authentication bypass likely allows attackers to circumvent normal credential verification through flawed authentication logic, improperly validated tokens, or unprotected alternate access paths. While specific CPE data is incomplete (cpe:2.3:a:n/a:n/a), the affected product is confirmed as Kaleris YMS version 7.2.2.1. Authentication bypass vulnerabilities of this severity class typically stem from missing authentication checks on critical endpoints, improper session management, or logical flaws in credential validation routines that permit direct access to protected resources without proper verification of user identity.
RemediationAI
Organizations running Kaleris YMS v7.2.2.1 should immediately contact Kaleris support for patch availability and upgrade guidance, as no specific patched version number is provided in current vulnerability data. Until a vendor-released patch is confirmed and deployed, implement emergency compensating controls including restricting network access to YMS interfaces through firewall rules limiting exposure to trusted IP ranges only, deploying web application firewall (WAF) rules to detect and block authentication bypass attempts, implementing additional authentication layers through reverse proxy with mandatory multi-factor authentication, and enabling comprehensive logging and monitoring of all access attempts to YMS resources for anomaly detection. Review the technical proof-of-concept at https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2026-31151 to understand specific attack vectors and tailor detection rules accordingly. Consult Kaleris directly through their support channels or the product page at https://kaleris.com/solutions/yard-management/ for official remediation guidance and patch release timelines. Given the critical nature and existence of public exploit code, this should be treated as an emergency-priority remediation with daily vendor communication until resolution.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19271
GHSA-4wx7-2hfw-hhff