CVEFinder.io

CVE-2026-9064

⚠️ high
🔍 Scan for this CVE
Summary

A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls within the default maximum BER message size (2 MB), causing excessive CPU consumption and heap allocation on the server. Under concurrent exploitation, this leads to significant latency degradation,

Description

A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls within the default maximum BER message size (2 MB), causing excessive CPU consumption and heap allocation on the server. Under concurrent exploitation, this leads to significant latency degradation, worker thread starvation, or out-of-memory termination, resulting in a denial of service.

CVSS Score
7.5
High
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-20
First Seen: 2026-05-21
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.0% of all 325,703 vulnerabilities in our database.

#100,992
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 20, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
🏆 Discovered By
Red Hat would like to thank Oleh Konko (1seal.org) for reporting this issue.
SSVC data provided by CISA
Last Modified 2026-06-02
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-770

📦 Affected Products 9

Vendor Product Status Affected Versions
redhat directory_server Affected
v11.0
redhat directory_server Affected
v12.0
redhat directory_server Affected
v13.0
redhat enterprise_linux Affected
v10.0
redhat enterprise_linux Affected
v6.0
redhat enterprise_linux Affected
v7.0
redhat enterprise_linux Affected
v8.0
redhat enterprise_linux Affected
v9.0
redhat 389_directory_server Affected
v-

🔗 References 2

https://access.redhat.com/security/cve/CVE-2026-9064
Mitigation Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2480093
Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-1933 ⚠️ high 7.1 0.1 A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to mi... 2026-05-27
CVE-2026-2340 🔶 medium 6.5 0.1 A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protection... 2026-05-27
CVE-2026-4480 ⛔ critical 9.0 0.4 A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the comma... 2026-05-26
CVE-2026-48864 ⚠️ high 7.8 0.0 A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed... 2026-05-26
CVE-2026-9149 🔶 medium 6.5 0.1 A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted ... 2026-05-21
CVE-2026-9150 🔶 medium 6.5 0.0 A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser w... 2026-05-20
These CVEs affect the same products