CVE Catalog

CVE-2026-11786

LowCVSS 1.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

6th percentile — higher than 6% of all known CVEs

Summary

A flaw in 389 Directory Server's LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.

Risk Assessment

An attacker could exploit this vulnerability to read beyond the buffer, potentially leading to information disclosure or server instability.

Recommendation

Immediately update 389 Directory Server to the latest patched version and avoid importing untrusted LDIF files.

Original NVD description (English source)

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS