CVE-2026-10549

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database.

CVSS

No CVSS.

References

Link	Resource
https://ydb.tech/docs/ru/security-changelog

Configurations

No configuration.

History

02 Jun 2026, 10:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-02 10:16

Updated : 2026-06-02 14:45

NVD link : CVE-2026-10549

Mitre link : CVE-2026-10549

CVE.ORG link : CVE-2026-10549

JSON object : View

Products Affected

No product.

CWE

CWE-280

Improper Handling of Insufficient Permissions or Privileges

JSON object

Attach tags to CVE-2026-10549

Attach tags to `CVE-2026-10549`