PatchSiren cyber security CVE debrief
CVE-2026-44595 yamcs CVE debrief
CVE-2026-44595 is a MEDIUM severity vulnerability in the Yamcs mission control framework. The IAM API endpoints in yamcs-core did not enforce the required SystemPrivilege.ControlAccess check, allowing any authenticated user to enumerate all user accounts. This issue is fixed in versions 5.12.7 and 5.13.0. Organizations should review their deployments and apply patches to prevent unauthorized access to user account information.
- Vendor
- yamcs
- Product
- Unknown
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-16
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-16
- Advisory updated
- 2026-07-16
Who should care
Organizations using Yamcs mission control framework versions prior to 5.12.7 or 5.13.0 should apply patches to prevent unauthorized access to user account information. This includes reviewing deployments, verifying affected scope, and ensuring proper configuration to mitigate potential impacts.
Technical summary
The IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core did not enforce the required SystemPrivilege.ControlAccess check. This allows any authenticated user, even one with low or no privileges, to enumerate all user accounts in the system, including their usernames, superuser status, and group memberships. The issue is addressed in Yamcs versions 5.12.7 and 5.13.0. Organizations should review their deployments, verify affected scope, and ensure proper configuration to mitigate potential impacts. Affected product deployments should be identified in managed environments and assigned an owner for follow-up. Compensating controls for exposed systems should be reviewed while remediation is scheduled and verified.
Defensive priority
Apply patches to prevent unauthorized access to user account information. Restrict access to IAM API endpoints and monitor for unauthorized access attempts.
Recommended defensive actions
- Apply patches to Yamcs mission control framework versions prior to 5.12.7 or 5.13.0
- Restrict access to IAM API endpoints
- Monitor for unauthorized access attempts
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-16T17:16:55.740Z and was last modified on 2026-07-16T17:35:04.970Z. The NVD entry is currently Undergoing Analysis. This information is based on the CVE record and NVD entry. Further verification is recommended to confirm affected scope and severity.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T17:16:55.740Z and has not been modified since then. The NVD entry is currently Undergoing Analysis.