CVE-2026-10549

Vulnerability Description

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database.

Vulnerability Details

Published Date

June 02, 2026

Last Modified

June 02, 2026

CWE ID

CWE-280

Source

NVD

Vendor

Yandex

Product

Yandex Database

External References

https://ydb.tech/docs/ru/security-changelog

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment