CVE-2026-11611
CVE-2026-11611 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Directory Server | 11.0 |
| Red Hat | Directory Server | 12.0 |
| Red Hat | Directory Server | 13.0 |
| Red Hat | 389 Directory Server | All versions |
| Red Hat | Enterprise Linux | 7.0 |
| Red Hat | Enterprise Linux | 8.0 |
| Red Hat | Enterprise Linux | 9.0 |
| Red Hat | Enterprise Linux | 10.0 |
References
- https://access.redhat.com/security/cve/CVE-2026-11611 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2485424 (Issue Tracking, Vendor Advisory)
- https://redhat.atlassian.net/browse/PSIRTSUPT-7600 (Permissions Required)
Timeline
- Status: Analyzed
Source: NVD / NIST
