CVE-2026-11788

Published: Jun 9, 2026Modified: Jun 12, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.

Affected (8)

Products: Redhat: 389 Directory Server, Directory Server, Enterprise Linux

3 products

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Redhat 389 Directory Server	All versions
Redhat Directory Server	Version 11.0
Redhat Directory Server	Version 12.0
Redhat Directory Server	Version 13.0
Redhat Enterprise Linux	Version 10.0
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (3)

https://access.redhat.com/security/cve/CVE-2026-11788

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2485423

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://redhat.atlassian.net/browse/PSIRTSUPT-7600

Source: secalert@redhat.com

Permissions Required

Timeline

No history available yet.