CVE-2026-31151 - Vulnerability Details - OpenCVE

An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Kaleris Subscribe	Yms Subscribe

Project Subscriptions

Vendors	Products
Kaleris Subscribe	Yms Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2026-31151
https://kaleris.com/solutions/yard-management/

History

Tue, 07 Apr 2026 00:00:00 +0000

Type	Values Removed	Values Added
Title		Authentication Bypass in Kaleris YMS v7.2.2.1
First Time appeared		Kaleris Kaleris yms
Weaknesses		CWE-287
Vendors & Products		Kaleris Kaleris yms

Mon, 06 Apr 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources.
References		https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2026-31151 https://kaleris.com/solutions/yard-management/

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-04-06T00:00:00.000Z

Updated: 2026-04-06T14:34:03.724Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31151

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-06T15:17:09.553

Modified: 2026-04-06T15:17:09.553

Link: CVE-2026-31151

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:47:48Z

Weaknesses

CWE-287

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "7.2.2.1"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "yms", "vendor": "kaleris"}], "analysis": {"en": {"generated_at": "2026-04-06T17:24:46.580882+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011issued security update for Kaleris YMS v7.2.2.1 as soon as it becomes available.", "If a patch is not immediately available, isolate the YMS from external networks and restrict access to trusted personnel only, ensuring the login page is only reachable from internal IP ranges.", "Audit the authentication mechanism to confirm that credential validation is enforced, and consider implementing two\u2011factor authentication to mitigate potential residual risks."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized application access via login bypass"}, "threat_synthesis": {"affected_systems": "This vulnerability affects the Kaleris Yard Management System, specifically release 7.2.2.1. The system is used by organizations to manage yard operations and inventory, and the error is present in the core authentication module provided by the vendor.", "description_and_impact": "A flaw in the login logic of the Kaleris Yard Management System (YMS) version 7.2.2.1 allows malicious users to bypass authentication checks and gain access to the application\u2019s protected resources without providing valid credentials. The impact is the potential acquisition of confidential data, manipulation of yard operations, or execution of further actions that require authenticated access.", "risk_and_exploitability": "No CVSS score, EPSS evaluation, or KEV tagging is available for this vulnerability, making the precise severity difficult to quantify. However, the ability to log in without credentials implies a high impact on confidentiality, integrity, and availability of the system. The likely attack vector is a remote web interface where an attacker can submit crafted requests to the login endpoint, enabling exploitation over the network without requiring local privileges. Given the critical nature of authentication bypasses, the risk level should be treated as high until a patch or effective workaround is applied."}}}}, "created": "2026-04-06T20:21:57.961639+00:00", "title": "Authentication Bypass in Kaleris YMS v7.2.2.1", "updated": "2026-04-06T21:47:48.672242+00:00", "vendors": ["kaleris", "kaleris$PRODUCT$yms"], "weaknesses": ["CWE-287"]}