CVEFinder.io

CVE-2026-11788

đŸ”ļ medium
🔍 Scan for this CVE
Summary

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.

CVSS Score
5.9
Medium
EPSS Score
0.4
Exploit Probability
Published Date
2026-06-09
First Seen: 2026-06-10
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 33.4% of all 328,009 vulnerabilities in our database.

#218,561
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Jun 9, 2026
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-06-12
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-476

đŸ“Ļ Affected Products 8

Vendor Product Status Affected Versions
redhat directory_server Affected
v11.0
redhat directory_server Affected
v12.0
redhat directory_server Affected
v13.0
redhat enterprise_linux Affected
v10.0
redhat enterprise_linux Affected
v7.0
redhat enterprise_linux Affected
v8.0
redhat enterprise_linux Affected
v9.0
redhat 389_directory_server Affected
v-

🔗 References 3

https://access.redhat.com/security/cve/CVE-2026-11788
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2485423
Issue Tracking Vendor Advisory
https://redhat.atlassian.net/browse/PSIRTSUPT-7600
Permissions Required

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-1766 đŸ”ļ medium 5.6 0.2 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracke... 2026-06-16
CVE-2026-1767 đŸ”ļ medium 5.6 0.2 A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` compo... 2026-06-16
CVE-2026-11785 đŸ”ļ medium 4.3 0.2 A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial st... 2026-06-09
CVE-2026-11786 ℹī¸ low 1.9 0.2 A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute ... 2026-06-09
CVE-2026-11787 đŸ”ļ medium 5.0 0.2 A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without ... 2026-06-09
CVE-2026-11789 đŸ”ļ medium 4.9 0.3 A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when comp... 2026-06-09
These CVEs affect the same products