CNNVD-202601-2026 Information

CNNVD ID

CNNVD-202601-2026

CVE-2025-68271

  • CNNVD Published: 2026-01-13

Description

OpenC3 COSMOS is an open-source application from OpenC3. OpenC3 COSMOS versions 5.0.0 through 6.10.1 contain a security vulnerability that stems from String#convert_to_value in the JSON-RPC API improperly parsing attacker-controlled parameter text, which may allow an unauthenticated attacker to trigger Ruby code execution.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

OpenC3

Published

2026-01-13

Last Modified

2026-02-24

References

https://github.com/OpenC3/cosmos/security/advisories/GHSA-w757-4qv9-mghp
https://access.redhat.com/security/cve/cve-2025-68271

Patch

https://openc3.com/
