CVE-2026-11792 (NVD)
Vulnerability Summary
A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged (requiring non-default CLEAR password storage or a compromised replication peer), the copy overflows the buffer, corrupting heap memory and audit log output.
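The sizing mistake described above, reduced to a single "attr: value" line, as an added example that is not 389 Directory Server code. The mask string, the line format and every function name here are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed mask: the page does not give the real mask string or its length. */
#define MASK "**********"
#define MASK_LEN (sizeof(MASK) - 1)

/* Flawed sizing: room for the original "attr: value" line plus NUL. */
size_t original_size(const char *attr, const char *value) {
    return strlen(attr) + 2 + strlen(value) + 1;
}

/* Correct sizing: the masked line's length does not depend on the value. */
size_t masked_size(const char *attr) {
    return strlen(attr) + 2 + MASK_LEN + 1;
}

/* 1 when writing the mask into an original-sized buffer would run past it. */
int would_overflow(const char *attr, const char *value) {
    return masked_size(attr) > original_size(attr, value);
}

/* Write "attr: MASK" only if it fits in cap bytes; -1 means refused. */
int mask_into(char *buf, size_t cap, const char *attr) {
    if (buf == NULL || masked_size(attr) > cap) return -1;
    snprintf(buf, cap, "%s: %s", attr, MASK);
    return 0;
}

/* Allocate from the masked length, never from the original value's length. */
char *mask_line(const char *attr) {
    size_t need = masked_size(attr);
    char *out = malloc(need);
    if (out != NULL && mask_into(out, need, attr) != 0) { free(out); out = NULL; }
    return out;
}

int main(void) {
    /* Constructed sample values. */
    printf("short value overflows: %d\n", would_overflow("userPassword", "abc"));
    printf("long value overflows:  %d\n", would_overflow("userPassword", "a-long-passphrase"));
    char *line = mask_line("userPassword");
    if (line) { puts(line); free(line); }
    return 0;
}
```

Only values shorter than the mask trigger the mismatch, which matches the summary's condition that a short cleartext password must be logged.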
CVSS v3.1 Base Metrics
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: Low