CVE-2026-42568: Yamcs Vulnerable to LDAP Injection in LdapAuthModule

May 26, 2026

An LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping.

References

github.com/advisories/GHSA-cqh3-jg8p-336j
github.com/yamcs/yamcs/releases/tag/yamcs-5.12.7
github.com/yamcs/yamcs/releases/tag/yamcs-5.13.0
github.com/yamcs/yamcs/security/advisories/GHSA-cqh3-jg8p-336j
nvd.nist.gov/vuln/detail/CVE-2026-42568

Code Behaviors & Features

Detect and mitigate CVE-2026-42568 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →