CVE-2026-11786

Published: Jun 9, 2026Modified: Jun 12, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.

Affected (8)

Products: Redhat: 389 Directory Server, Directory Server, Enterprise Linux

3 products

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Redhat 389 Directory Server	All versions
Redhat Directory Server	Version 11.0
Redhat Directory Server	Version 12.0
Redhat Directory Server	Version 13.0
Redhat Enterprise Linux	Version 10.0
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (3)

https://access.redhat.com/security/cve/CVE-2026-11786

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2485426

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://redhat.atlassian.net/browse/PSIRTSUPT-7600

Source: secalert@redhat.com

Permissions Required

Timeline

No history available yet.