A vulnerability was found in YAFNET YetAnotherForum.NET up to 4.0.4 . It has been rated as critical . This affects an unknown function of the file /Info/4 . The manipulation leads to sql injection. This vulnerability is documented as CVE-2026-43937 . The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.