CVE-2026-11791

🔶 medium

Summary

A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while concurrent LDAP query traffic is active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash).

CVSS Score

5.0

Medium

EPSS Score

0.3

Exploit Probability

Published Date

2026-06-18

First Seen: 2026-06-25

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.2% of all 330,193 vulnerabilities in our database.

#266,649

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Jun 18, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-06-26

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

CWE IDs (Weakness Types)

CWE-416

📦 Affected Products 8

Vendor	Product	Status	Affected Versions
redhat	directory_server	Affected	v11.0
redhat	directory_server	Affected	v12.0
redhat	directory_server	Affected	v13.0
redhat	enterprise_linux	Affected	v10.0
redhat	enterprise_linux	Affected	v7.0
redhat	enterprise_linux	Affected	v8.0
redhat	enterprise_linux	Affected	v9.0
redhat	389_directory_server	Affected	v-

🔗 References 3

https://access.redhat.com/security/cve/CVE-2026-11791

Mitigation Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2485414

Issue Tracking Vendor Advisory

https://redhat.atlassian.net/browse/PSIRTSUPT-7600

Permissions Required

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-55653	🔶 medium	4.3	0.2	A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group ...	2026-06-23
CVE-2026-55654	ℹ️ low	3.7	0.3	A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic...	2026-06-23
CVE-2026-55655	🔶 medium	5.0	0.1	A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding ...	2026-06-23
CVE-2026-1764	🔶 medium	5.6	0.2	A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially craf...	2026-06-16
CVE-2026-1766	🔶 medium	5.6	0.2	A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracke...	2026-06-16
CVE-2026-1767	🔶 medium	5.6	0.2	A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` compo...	2026-06-16

These CVEs affect the same products