Primary

Context

Yandex Telemost Uncontrolled Search Path Element Vulnerability Allowing Search Order Hijacking on MacOS

Vulnerability

A vulnerability in Yandex Telemost for Desktop on MacOS, prior to version 2.19.1, allows for search order hijacking due to an uncontrolled search path element. This issue could be exploited to manipulate the order in which libraries are loaded, potentially leading to the execution of malicious code.

Impact

Exploitation of this vulnerability could result in search order hijacking, allowing an attacker to control the loading of dynamic libraries and potentially execute arbitrary code.

Remediation

Users can upgrade to Yandex Telemost version 2.19.1 or later to address this vulnerability.

Added: Dec 9, 2025, 7:15 PM

Updated: Dec 9, 2025, 7:15 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.4

remediation

7.7

relevance

1.4

threat

6.4

urgency

5.7

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.4

remediation

7.7

relevance

1.4

threat

6.4

urgency

5.7

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Yandex Telemost Uncontrolled Search Path Element Vulnerability Allowing Search Order Hijacking on MacOS

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating