VYPR
Medium severity · NVD Advisory · Published Jun 2, 2026

CVE-2026-10549

Description

Yandex Database 25.3.1.25 and earlier are vulnerable to LDAP filter injection, allowing authenticated users to bypass group checks and gain unauthorized access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An LDAP filter injection vulnerability exists in Yandex Database prior to version 25.3.1.25. This flaw allows a remote attacker who possesses valid LDAP credentials to bypass group membership checks. The vulnerability is present in the LDAP authentication mechanism.

Exploitation

A remote attacker with valid LDAP credentials can exploit this vulnerability. By crafting a malicious LDAP filter, the attacker can manipulate the authentication process to gain unauthorized access to the database, effectively bypassing intended group membership restrictions.

Impact

Successful exploitation of this vulnerability allows an attacker to bypass group membership checks, resulting in unauthorized access to the Yandex Database. This could lead to the disclosure of sensitive information or unauthorized modification of data, depending on the privileges associated with the bypassed group.

Mitigation

This vulnerability is fixed in Yandex Database version 25.3.1.25. Users are advised to upgrade to this version or a later release. No workarounds are disclosed in the available references. The provided reference [1] details other security fixes for YDB but does not specifically mention this LDAP filter injection vulnerability or its fix date.

AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0

No patches discovered yet.

References: 1
