Yandex Database LDAP Filter Injection Vulnerability Allowing Unauthorized Access

Vulnerability

An LDAP filter injection vulnerability has been identified in Yandex Database versions prior to 25.3.1.25. This vulnerability allows remote attackers with valid LDAP credentials to bypass group membership checks, resulting in unauthorized access to the database.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the database by bypassing group membership checks.

Remediation

Users can upgrade to Yandex Database version 25.3.1.25 or later to address this vulnerability.
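
Filter injection of this class arises when a user-supplied value is concatenated unescaped into an LDAP search filter. The C++ below is an added illustration, not Yandex Database code and not the fix shipped in 25.3.1.25: it applies RFC 4515 value escaping before building a group-membership filter. The function names, the `uid` and `memberOf` attributes and the sample values are assumptions.

```cpp
#include <algorithm>
#include <iostream>
#include <string>

// RFC 4515, section 3: inside a filter assertion value the octets NUL, '(',
// ')', '*' and '\' must be written as a backslash followed by two hex digits.
std::string EscapeLdapFilterValue(const std::string& value) {
    static const char kHex[] = "0123456789abcdef";
    std::string out;
    out.reserve(value.size());
    for (unsigned char c : value) {
        if (c == '\0' || c == '(' || c == ')' || c == '*' || c == '\\') {
            out += '\\';
            out += kHex[c >> 4];
            out += kHex[c & 0x0f];
        } else {
            out += static_cast<char>(c);
        }
    }
    return out;
}

// Hypothetical helper: one filter that matches the login and the group at once.
// loginAttr comes from trusted configuration; login and groupDn are escaped
// because they may carry user- or directory-controlled data.
std::string BuildMembershipFilter(const std::string& loginAttr,
                                  const std::string& login,
                                  const std::string& groupDn) {
    return "(&(" + loginAttr + "=" + EscapeLdapFilterValue(login) +
           ")(memberOf=" + EscapeLdapFilterValue(groupDn) + "))";
}

// Number of filter items, counted as raw '(' characters. After escaping this
// depends only on the template, never on the supplied values.
long CountFilterItems(const std::string& filter) {
    return std::count(filter.begin(), filter.end(), '(');
}

int main() {
    // Constructed sample input containing every filter metacharacter.
    const std::string login = "a*(b)\\c";
    const std::string filter =
        BuildMembershipFilter("uid", login, "cn=dbadmins,dc=example,dc=org");
    std::cout << filter << "\n" << CountFilterItems(filter) << " items\n";
    return 0;
}
```

Escaping keeps the filter at three items whatever the login contains, so the membership clause cannot be dropped or rewritten by the value.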

Added: Jun 2, 2026, 10:23 AM
Updated: Jun 2, 2026, 10:23 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 4.8
remediation: 0.0
relevance: 9.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.