CVE-2026-42085 (GCVE-0-2026-42085)
Vulnerability from cvelistv5 – Published: 2026-05-04 17:13 – Updated: 2026-05-04 18:47
VLAI
Title
OpenC3 COSMOS: Arbitrary write to plugins directory via path-traversed config filenames
Summary
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path traversal attacks, by canonicalizing filename to an absolute path, all plugins share this same root directory. That enables users to create arbitrary file structures and overwrite existing configuration files within the shared /plugins directory. This issue has been patched in versions 6.10.5 and 7.0.0-rc3.
Severity
4.3 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/OpenC3/cosmos/security/advisor… | x_refsource_CONFIRM |
| https://github.com/OpenC3/cosmos/commit/9957a9fa4… | x_refsource_MISC |
| https://github.com/OpenC3/cosmos/commit/e6efccbd1… | x_refsource_MISC |
| https://github.com/OpenC3/cosmos/releases/tag/v6.10.5 | x_refsource_MISC |
| https://github.com/OpenC3/cosmos/releases/tag/v7.… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-42085",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T18:43:28.813129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T18:47:32.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/OpenC3/cosmos/security/advisories/GHSA-4jvx-93h3-f45h"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cosmos",
"vendor": "OpenC3",
"versions": [
{
"status": "affected",
"version": "\u003c 6.10.5"
},
{
"status": "affected",
"version": "\u003e= 7.0.0.pre.rc1, \u003c 7.0.0-rc3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path traversal attacks, by canonicalizing filename to an absolute path, all plugins share this same root directory. That enables users to create arbitrary file structures and overwrite existing configuration files within the shared /plugins directory. This issue has been patched in versions 6.10.5 and 7.0.0-rc3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T17:13:39.277Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenC3/cosmos/security/advisories/GHSA-4jvx-93h3-f45h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenC3/cosmos/security/advisories/GHSA-4jvx-93h3-f45h"
},
{
"name": "https://github.com/OpenC3/cosmos/commit/9957a9fa460c0c0cf5cdbf6a5931bbdd025246a5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenC3/cosmos/commit/9957a9fa460c0c0cf5cdbf6a5931bbdd025246a5"
},
{
"name": "https://github.com/OpenC3/cosmos/commit/e6efccbd148ba0e3361c5891027f2373aa140d42",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenC3/cosmos/commit/e6efccbd148ba0e3361c5891027f2373aa140d42"
},
{
"name": "https://github.com/OpenC3/cosmos/releases/tag/v6.10.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenC3/cosmos/releases/tag/v6.10.5"
},
{
"name": "https://github.com/OpenC3/cosmos/releases/tag/v7.0.0-rc3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenC3/cosmos/releases/tag/v7.0.0-rc3"
}
],
"source": {
"advisory": "GHSA-4jvx-93h3-f45h",
"discovery": "UNKNOWN"
},
"title": "OpenC3 COSMOS: Arbitrary write to plugins directory via path-traversed config filenames"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-42085",
"datePublished": "2026-05-04T17:13:39.277Z",
"dateReserved": "2026-04-23T19:17:30.566Z",
"dateUpdated": "2026-05-04T18:47:32.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-42085",
"date": "2026-05-29",
"epss": "0.00049",
"percentile": "0.15496"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-42085\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-04T18:16:30.510\",\"lastModified\":\"2026-05-08T19:54:30.723\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path traversal attacks, by canonicalizing filename to an absolute path, all plugins share this same root directory. That enables users to create arbitrary file structures and overwrite existing configuration files within the shared /plugins directory. This issue has been patched in versions 6.10.5 and 7.0.0-rc3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-23\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openc3:cosmos:*:*:*:*:open_source:*:*:*\",\"versionEndExcluding\":\"6.10.5\",\"matchCriteriaId\":\"930EEABE-50A2-4005-AE3C-2D14AF5A60BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openc3:cosmos:7.0.0:rc1:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"38B72355-49A3-4D2F-BFDB-EE53C9E2C7AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openc3:cosmos:7.0.0:rc2:*:*:open_source:*:*:*\",\"matchCriteriaId\":\"13E3A0EA-1085-4505-80BB-C0B133EC3498\"}]}]}],\"references\":[{\"url\":\"https://github.com/OpenC3/cosmos/commit/9957a9fa460c0c0cf5cdbf6a5931bbdd025246a5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OpenC3/cosmos/commit/e6efccbd148ba0e3361c5891027f2373aa140d42\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OpenC3/cosmos/releases/tag/v6.10.5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/OpenC3/cosmos/releases/tag/v7.0.0-rc3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/OpenC3/cosmos/security/advisories/GHSA-4jvx-93h3-f45h\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/OpenC3/cosmos/security/advisories/GHSA-4jvx-93h3-f45h\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-42085\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-04T18:43:28.813129Z\"}}}], \"references\": [{\"url\": \"https://github.com/OpenC3/cosmos/security/advisories/GHSA-4jvx-93h3-f45h\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-04T18:43:06.693Z\"}}], \"cna\": {\"title\": \"OpenC3 COSMOS: Arbitrary write to plugins directory via path-traversed config filenames\", \"source\": {\"advisory\": \"GHSA-4jvx-93h3-f45h\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"OpenC3\", \"product\": \"cosmos\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 6.10.5\"}, {\"status\": \"affected\", \"version\": \"\u003e= 7.0.0.pre.rc1, \u003c 7.0.0-rc3\"}]}], \"references\": [{\"url\": \"https://github.com/OpenC3/cosmos/security/advisories/GHSA-4jvx-93h3-f45h\", \"name\": \"https://github.com/OpenC3/cosmos/security/advisories/GHSA-4jvx-93h3-f45h\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/OpenC3/cosmos/commit/9957a9fa460c0c0cf5cdbf6a5931bbdd025246a5\", \"name\": \"https://github.com/OpenC3/cosmos/commit/9957a9fa460c0c0cf5cdbf6a5931bbdd025246a5\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OpenC3/cosmos/commit/e6efccbd148ba0e3361c5891027f2373aa140d42\", \"name\": \"https://github.com/OpenC3/cosmos/commit/e6efccbd148ba0e3361c5891027f2373aa140d42\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OpenC3/cosmos/releases/tag/v6.10.5\", \"name\": \"https://github.com/OpenC3/cosmos/releases/tag/v6.10.5\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OpenC3/cosmos/releases/tag/v7.0.0-rc3\", \"name\": \"https://github.com/OpenC3/cosmos/releases/tag/v7.0.0-rc3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path traversal attacks, by canonicalizing filename to an absolute path, all plugins share this same root directory. That enables users to create arbitrary file structures and overwrite existing configuration files within the shared /plugins directory. This issue has been patched in versions 6.10.5 and 7.0.0-rc3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-23\", \"description\": \"CWE-23: Relative Path Traversal\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-04T17:13:39.277Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-42085\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-04T18:47:32.584Z\", \"dateReserved\": \"2026-04-23T19:17:30.566Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-04T17:13:39.277Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-42085
Vulnerability from fkie_nvd - Published: 2026-05-04 18:16 - Updated: 2026-05-08 19:54
Severity
Summary
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path traversal attacks, by canonicalizing filename to an absolute path, all plugins share this same root directory. That enables users to create arbitrary file structures and overwrite existing configuration files within the shared /plugins directory. This issue has been patched in versions 6.10.5 and 7.0.0-rc3.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openc3:cosmos:*:*:*:*:open_source:*:*:*",
"matchCriteriaId": "930EEABE-50A2-4005-AE3C-2D14AF5A60BD",
"versionEndExcluding": "6.10.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openc3:cosmos:7.0.0:rc1:*:*:open_source:*:*:*",
"matchCriteriaId": "38B72355-49A3-4D2F-BFDB-EE53C9E2C7AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openc3:cosmos:7.0.0:rc2:*:*:open_source:*:*:*",
"matchCriteriaId": "13E3A0EA-1085-4505-80BB-C0B133EC3498",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path traversal attacks, by canonicalizing filename to an absolute path, all plugins share this same root directory. That enables users to create arbitrary file structures and overwrite existing configuration files within the shared /plugins directory. This issue has been patched in versions 6.10.5 and 7.0.0-rc3."
}
],
"id": "CVE-2026-42085",
"lastModified": "2026-05-08T19:54:30.723",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-05-04T18:16:30.510",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/OpenC3/cosmos/commit/9957a9fa460c0c0cf5cdbf6a5931bbdd025246a5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/OpenC3/cosmos/commit/e6efccbd148ba0e3361c5891027f2373aa140d42"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/OpenC3/cosmos/releases/tag/v6.10.5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/OpenC3/cosmos/releases/tag/v7.0.0-rc3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/OpenC3/cosmos/security/advisories/GHSA-4jvx-93h3-f45h"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/OpenC3/cosmos/security/advisories/GHSA-4jvx-93h3-f45h"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-4JVX-93H3-F45H
Vulnerability from github – Published: 2026-04-22 22:22 – Updated: 2026-05-04 20:08
VLAI
Summary
OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames
Details
Summary
OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path traversal attacks, by canonicalizing filename to an absolute path, all plugins share this same root directory. That enables users to create arbitrary file structures and overwrite existing configuration files within the shared /plugins directory.
Details
In function save_tool_config() (local_mode.rb) responsible for saving user-supplied tool configuration, the desired saving directory is not sufficiently enforced, instead allowing writes inside entire OPENC3_LOCAL_MODE_PATH.
PoC
- Navigate to any tool that enables “Save Configuration” option in left-hand drop-down menu (here Limits Monitor as an example)
- Save a new config with path traversal name using “../” sequences to escape desired directory (up to 3 levels high)
- Observe new files created in /plugins directory by inspecting docker container directly (
openc3-COSMOS-cmd-tlm-api) or using Bucket Explorer (plugin_default)
Impact
Modifying the data of other plugins
Severity
4.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "openc3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.10.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "openc3"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0.pre.rc1"
},
{
"fixed": "7.0.0-rc3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42085"
],
"database_specific": {
"cwe_ids": [
"CWE-23"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T22:22:02Z",
"nvd_published_at": "2026-05-04T18:16:30Z",
"severity": "MODERATE"
},
"details": "### Summary\nOpenC3 COSMOS contains a design flaw in the `save_tool_config()` function that allows saving tool configuration files at arbitrary locations inside the shared `/plugins` directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path traversal attacks, by canonicalizing filename to an absolute path, all plugins share this same root directory. That enables users to create arbitrary file structures and overwrite existing configuration files within the shared `/plugins` directory.\n\n### Details\nIn function `save_tool_config()` ([local_mode.rb](https://github.com/OpenC3/cosmos/blob/397abec0d57972881a2e8dc10902d0dce9c27f42/openc3/lib/openc3/utilities/local_mode.rb#L452)) responsible for saving user-supplied tool configuration, the desired saving directory is not sufficiently enforced, instead allowing writes inside entire `OPENC3_LOCAL_MODE_PATH`.\n\n### PoC\n1.\tNavigate to any tool that enables \u201cSave Configuration\u201d option in left-hand drop-down menu (here Limits Monitor as an example)\n2.\tSave a new config with path traversal name using \u201c../\u201d sequences to escape desired directory (up to 3 levels high)\n3.\tObserve new files created in /plugins directory by inspecting docker container directly (`openc3-COSMOS-cmd-tlm-api`) or using Bucket Explorer (`plugin_default`)\n\n\u003cimg width=\"811\" height=\"584\" alt=\"image\" src=\"https://github.com/user-attachments/assets/015a59b4-8b18-4801-aef0-df4831d5c1c3\" /\u003e\n\u003cimg width=\"720\" height=\"664\" alt=\"image\" src=\"https://github.com/user-attachments/assets/8ca4a5b7-ee45-4c3b-99f6-f41f974a74a7\" /\u003e\n\n### Impact\nModifying the data of other plugins",
"id": "GHSA-4jvx-93h3-f45h",
"modified": "2026-05-04T20:08:50Z",
"published": "2026-04-22T22:22:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/OpenC3/cosmos/security/advisories/GHSA-4jvx-93h3-f45h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42085"
},
{
"type": "WEB",
"url": "https://github.com/OpenC3/cosmos/commit/9957a9fa460c0c0cf5cdbf6a5931bbdd025246a5"
},
{
"type": "WEB",
"url": "https://github.com/OpenC3/cosmos/commit/e6efccbd148ba0e3361c5891027f2373aa140d42"
},
{
"type": "PACKAGE",
"url": "https://github.com/OpenC3/cosmos"
},
{
"type": "WEB",
"url": "https://github.com/OpenC3/cosmos/releases/tag/v6.10.5"
},
{
"type": "WEB",
"url": "https://github.com/OpenC3/cosmos/releases/tag/v7.0.0-rc3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…