YMFE Yapi Improper Certificate Validation Vulnerability

Vulnerability

A vulnerability exists in YMFE Yapi version 1.12.0, where the application improperly validates TLS/SSL certificates. This is achieved by configuring the Axios HTTPS agent to disable certificate validation, allowing man-in-the-middle attackers to spoof servers and intercept sensitive information.

Impact

Exploitation of this vulnerability allows for man-in-the-middle attacks, where an attacker can intercept and potentially alter communications between the client and server.

Added: Feb 23, 2026, 4:32 PM

Updated: Feb 23, 2026, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

3.1

exploitability

6.2

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

3.1

exploitability

6.2

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

YMFE Yapi Improper Certificate Validation Vulnerability

Vulnerability

Impact

Affected Products

YMFE yapi

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating