CVE-2026-11786NVD

Vulnerability Summary

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.

Severity Level

LOW(1.9)

Published Date

Jun 9, 2026

Last Modified

Jun 9, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.01%Probability

Root Weakness (CWE)

CWE-125: Out-of-bounds Read ↗

The software reads data past the end, or before the beginning, of the intended buffer.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityHigh

Privileges RequiredHigh

User InteractionNone

ScopeUnchanged

ConfidentialityLow

IntegrityNone

AvailabilityNone

External References

https://access.redhat.com/security/cve/CVE-2026-11786
https://bugzilla.redhat.com/show_bug.cgi?id=2485426
https://redhat.atlassian.net/browse/PSIRTSUPT-7600

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-11786NVD

Vulnerability Summary

External References