CVE-2026-11788NVD

Vulnerability Summary

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.

Severity Level

MEDIUM(5.9)

Published Date

Jun 9, 2026

Last Modified

Jun 9, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.09%Probability

Root Weakness (CWE)

CWE-476: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityHigh

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityNone

IntegrityNone

AvailabilityHigh

External References

https://access.redhat.com/security/cve/CVE-2026-11788
https://bugzilla.redhat.com/show_bug.cgi?id=2485423
https://redhat.atlassian.net/browse/PSIRTSUPT-7600

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-11788NVD

Vulnerability Summary

External References