Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

OpenC3 — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting OpenC3. AI-powered Chinese analysis, POCs, and references for each vulnerability.

OpenC3 is a space mission operations framework used for satellite command and control. Historically, it has been vulnerable to multiple remote code execution flaws, cross-site scripting, and privilege escalation vulnerabilities. The software's web interface has been particularly susceptible to authentication bypass and insecure deserialization issues. While no major public security incidents have been widely reported, the nine documented CVEs highlight consistent security concerns in its attack surface, particularly around API endpoints and user authentication mechanisms. The framework's complex architecture and extensive permissions model create multiple potential vectors for unauthorized access if not properly configured and maintained.

Top products by OpenC3: cosmos
CVE IDTitleCVSSSeverityPublished
CVE-2026-42088 OpenC3 COSMOS: Administrative Actions via the Script Runner Tool — cosmosCWE-250 9.6 Critical2026-05-04
CVE-2026-42087 OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base — cosmosCWE-89 9.6 Critical2026-05-04
CVE-2026-42086 OpenC3 COSMOS: Self-XSS in the Command Sender — cosmosCWE-79 4.6 Medium2026-05-04
CVE-2026-42085 OpenC3 COSMOS: Arbitrary write to plugins directory via path-traversed config filenames — cosmosCWE-23 4.3 Medium2026-05-04
CVE-2026-42084 OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence — cosmosCWE-620 8.1 High2026-05-04
CVE-2025-68271 Unauthenticated Remote Code Execution in openc3-api — cosmosCWE-95 10.0 Critical2026-01-13
CVE-2024-47529 OpenC3 COSMOS uses clear text storage of password/token (`GHSL-2024-129`) — cosmosCWE-312 5.4 -2024-10-02
CVE-2024-46977 OpenC3 COSMOS allows a path traversal via screen controller (`GHSL-2024-127`) — cosmosCWE-22 6.5 -2024-10-02
CVE-2024-43795 OpenC3 COSMOS vulnerable to cross-site scripting in Login functionality (`GHSL-2024-128`) — cosmosCWE-79 6.1 -2024-10-02

This page lists every published CVE security advisory associated with OpenC3. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.