CVE-2026-46562
Yamcs · Yamcs
A code injection vulnerability in the Yamcs mission control framework allows unauthenticated attackers to execute arbitrary OS commands via the Nashorn ScriptEngine.
Executive summary
A critical code injection vulnerability in Yamcs allows unauthenticated remote attackers to execute arbitrary system commands, posing a total compromise risk to the host environment.
Vulnerability
The vulnerability exists because the Nashorn ScriptEngine fails to implement a ClassFilter when processing user-supplied JavaScript algorithms. This allows an unauthenticated attacker to inject malicious code that invokes arbitrary Java classes, resulting in OS command execution as the Yamcs process.
Business impact
Successful exploitation of this vulnerability grants an attacker full control over the Yamcs process and the underlying host system. Given the CVSS score of 9.8, this represents an extreme risk, enabling data theft, lateral movement, or complete system destruction.
Remediation
Immediate Action: Upgrade the Yamcs installation to version 5.12.7 or 5.13.0 immediately. These versions disable algorithm editing by default and implement the necessary security filters.
Proactive Monitoring: Review application logs for unauthorized calls to the MdbOverrideApi endpoint or suspicious JavaScript activity within algorithm definitions.
Compensating Controls: If immediate patching is not feasible, restrict network access to the Yamcs management interface using a Web Application Firewall or network segmentation to prevent external access.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability is critical and requires immediate attention to prevent unauthorized system access. Administrators should prioritize the deployment of the vendor-provided patch to remediate the unsafe evaluation of dynamic code.