LDAP Filter Injection in Yandex Database
CVE-2026-10549

5.3MEDIUM

Key Information:

Vendor: Yandex
Status: Yandex Database
Vendor: CVE Published:; 2 June 2026

What is CVE-2026-10549?

The identified vulnerability in Yandex Database enables a remote attacker with valid LDAP credentials to exploit LDAP filter injection, effectively bypassing essential group membership checks. This flaw can lead to unauthorized access to database resources, posing significant risks to data integrity and confidentiality in affected systems. Users are urged to update to version 25.3.1.25 or later to mitigate this issue.

Affected Version(s)

Yandex Database 0 < 25.3.1.25

References

https://ydb.tech/docs/ru/security-changelog

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Jun 1, 2026

CVE-2026-10549 Data

JSON