Vulnerability in Yandex Database

CVE-2026-10549

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database.

EPSS: 0.001 (16.6th percentile) — read the EPSS interpretation.

Affected products

Yandex Database — versions 0

Weakness classification (CWE)

CWE-280 — Improper Handling of Insufficient Permissions or Privileges

References

browser-security@yandex-team.ru