QSearchQSearch

CVE-2026-10549

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass ...

Published: 2026-06-02 · Last updated: 2026-06-02

Severity and scoring

CWE
CWE-280

Description

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-40371 Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elev... (8.8 HIGH)
  • CVE-2026-11764 When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating...
  • CVE-2026-9792 A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component (6.5 MEDIUM)
  • CVE-2026-2340 A flaw was found in Samba’s vfs_worm module (6.5 MEDIUM)
  • CVE-2026-20817 Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privilege... (7.8 HIGH)