Share
## https://sploitus.com/exploit?id=46A24B0E-D0DE-5574-B40A-649621491E6E
# CVE-2026-55511 PoC

Non-weaponized proof of concept for a Yamcs Yarch SQL quoted-identifier code-generation issue.

The PoC does not contact a live Yamcs server or execute operating-system commands. It checks the relevant Yamcs source path, generates a small Java model of the vulnerable aggregate code-generation pattern, and sets a benign JVM property as the execution marker.

## Requirements

- Python 3.9+
- A local Yamcs source checkout
- Optional JDK (`javac` and `java`) for the benign marker test

## Usage

```bash
cd /path/to/yamcs
python3 /path/to/poc.py \
  --json /tmp/evidence.json \
  --log /tmp/crash_evidence.log \
  --expect-crash
```

Expected indicators:

```text
source_chain_confirmed=true
generated_source_injection_present=true
marker_executed=true
```

## Evidence

- [`evidence/evidence.json`](evidence/evidence.json): structured source-chain and Java-model results
- [`evidence/crash_evidence.log`](evidence/crash_evidence.log): concise validation log

The included evidence was produced against Yamcs source commit `98a05e95461207c143e4297ec4bb1b5a76e9cb19`.

Use only in environments you own or are explicitly authorized to test.