OpenC3 Cosmos - Vulnerability Research

As the research team and authors of this paper, we set out to evaluate the security posture of OpenC3 Cosmos, a widely adopted open-source command and control framework for space mission operations. While OpenC3 Cosmos offers powerful modular capabilities to mission teams, its critical role in managing sensitive operations makes it an attractive target for cyber threats. In this research, we systematically analyzed version 6.0.0 of the software, uncovering several high-impact vulnerabilities—ranging from cross-site scripting and remote code execution to arbitrary file manipulation and insecure authentication mechanisms. These findings, which resulted in the assignment of seven CVEs, highlight the urgent need for improved input validation, stricter access controls, and enhanced container security within mission-critical deployments. Through this research, we aim to inform both the developer community and operational stakeholders of the risks present in current implementations, and to provide actionable recommendations for hardening the security of open-source mission frameworks like OpenC3 Cosmos.
