A vulnerability described as very critical has been identified in Yamcs up to 5.12.6. Affected by this vulnerability is the function
getRuntime of the file yamcs-core/src/main/java/org/yamcs/algorithms/ScriptAlgorithmExecutorFactory.java of the component Script Algorithm Executor. The manipulation of the argument algorithm text results in os command injection.
This vulnerability is identified as CVE-2026-46562. The attack can be executed remotely. There is not any exploit available.