External risk intelligence

Yamcs Script Engine Remote Code Execution Vulnerability.

CVE advisorySeverity: CRITICAL (CVSS 9.1)

CVE-2026-46621

Yamcs is a mission control framework typically deployed in specialized, restricted environments rather than exposed directly to the public internet. Furthermore, the vulnerability requires high-level authentication and specific administrative privileges (ChangeMissionDatabase) to exploit, making unauthorized public-internet exploitation highly improbable in typical deployments.

Code Injection

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in the Yamcs mission control framework, affecting its script evaluation engine. This flaw could allow an authenticated user with specific administrative privileges to execute arbitrary code on the underlying operating system, potentially leading to a compromise of the host. While the framework is typically deployed in specialized environments and exploitation requires elevated access, the severity of the vulnerability warrants attention to confirm its relevance and exposure within your specific deployment.

  • Allows code execution via script editing.
  • Critical risk if admin credentials are compromised.
  • Confirm if this mission control software is used.

Attack Path

How an attacker could exploit the issue

An attacker with the ability to modify the mission database can alter Python algorithms. This modification allows the injection of malicious code, which can then execute arbitrary Java classes to gain control of the underlying system.

  • Requires authenticated user with specific privilege.
  • Overriding existing Python algorithm logic.
  • Remote code execution on host.

Live Threat

Current exploitation, exposure, and threat context

An authenticated user with specific administrative privileges could alter the logic of Python algorithms within the Yamcs mission control framework, potentially leading to the execution of arbitrary code on the underlying host system. This could occur when the script evaluation engine improperly handles user-controlled algorithm text, allowing for the import and execution of malicious Java classes.

  • System data and logic.
  • Authenticated user overrides algorithm logic.
  • Arbitrary code execution on host.

Operational Fix

Recommended remediation, mitigation, and detection steps

Application owners and platform teams managing the Yamcs mission control framework are likely responsible for addressing this vulnerability. The first practical step is to identify all Yamcs instances, confirm their reachability and criticality, and then determine the accountable owner for remediation planning.

  • Confirm Yamcs instance ownership and criticality.
  • Verify if algorithm editing is enabled.
  • Plan remediation based on risk exposure.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is the Yamcs framework?

Yamcs is a specialized mission control framework used to manage and monitor telemetry and command data, often for aerospace or complex engineering projects. It functions as a centralized engine for data processing, allowing operators to define custom logic through Python-based algorithms to automate various mission-critical tasks and analysis.

What does CVE-2026-46621 mean for Yamcs?

This vulnerability involves Improper Control of Generation of Code (CWE-94). The software's script engine lacks a secure sandbox, meaning it evaluates script text without restrictions. Because the engine connects to the Java environment, an attacker can manipulate these scripts to execute unauthorized system commands or Java classes directly on the server hosting Yamcs.

How is this script engine vulnerability triggered?

Exploitation requires an authenticated user with the 'ChangeMissionDatabase' privilege. An attacker must use the mission database REST API to override the logic of an existing Python algorithm. Simply accessing the system or viewing scripts does not trigger this; the bug is specifically activated by intentionally modifying and saving malicious algorithm code that the engine then executes.

Is my Yamcs instance at risk of remote attack?

According to Halo Surface Signal, this is unlikely. Yamcs is typically deployed in isolated, restricted environments rather than exposed to the public internet. Furthermore, because the flaw requires high-level administrative credentials to perform the necessary database changes, the risk is significantly lower for well-secured internal systems compared to publicly reachable ones.

What should I do if I run Yamcs?

First, verify your current version; if you are running anything prior to 5.12.7, you are affected. Plan an upgrade to 5.12.7 or 5.13.0, which disables algorithm editing by default. Simultaneously, audit your administrative user list to ensure that only trusted personnel hold the ChangeMissionDatabase privilege, as restricting this access is a critical defense against this vulnerability.

References