8.1

CVE-2026-42084

Exploit

OpenC3 COSMOS: Hijacked session token can be used to reset password for persistence

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid session token instead. In assumed breach scenarios, this behaviour can be exploited by an attacker who has already obtained a valid session token, to gain persistence in hijacked account (including admin) and prevent legitimate users from accessing the account. This issue has been patched in versions 6.10.5 and 7.0.0-rc3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Openc3Cosmos SwEditionopen_source Version < 6.10.5
Openc3Cosmos Version7.0.0 Updaterc1 SwEditionopen_source
Openc3Cosmos Version7.0.0 Updaterc2 SwEditionopen_source
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.219
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-advisories@github.com 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-620 Unverified Password Change

When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.

https://github.com/OpenC3/cosmos/security/advisories/GHSA-wgx6-g857-jjf7
Vendor Advisory
Exploit
https://github.com/OpenC3/cosmos/commit/2e623714e3426d5ae81b6f8239d4a2a6937ef776
Patch
https://github.com/OpenC3/cosmos/releases/tag/v6.10.5
Release Notes
https://github.com/OpenC3/cosmos/releases/tag/v7.0.0-rc3
Release Notes