CVE-2026-11791
CVE-2026-11791 is a medium-severity vulnerability rated 5/10 on the CVSS scale. A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. EPSS estimates a 0.25% chance of exploitation in the next 30 days.
Description
A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while concurrent LDAP query traffic is active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash).
Metrics
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Directory Server | 11.0 |
| Red Hat | Directory Server | 12.0 |
| Red Hat | Directory Server | 13.0 |
| Red Hat | 389 Directory Server | All versions |
| Red Hat | Enterprise Linux | 7.0 |
| Red Hat | Enterprise Linux | 8.0 |
| Red Hat | Enterprise Linux | 9.0 |
| Red Hat | Enterprise Linux | 10.0 |
References
- https://access.redhat.com/security/cve/CVE-2026-11791 (Mitigation, Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2485414 (Issue Tracking, Vendor Advisory)
- https://redhat.atlassian.net/browse/PSIRTSUPT-7600 (Permissions Required)
Timeline
- Status: Analyzed
Source: NVD / NIST
