CVE-2026-11787
MediumCVSS 5.0Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A flaw was found in 389 Directory Server where the ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior.
Risk Assessment
An attacker could exploit this vulnerability to destabilize the directory server or gain unauthorized access to data, threatening confidentiality and integrity.
Recommendation
Immediately update 389 Directory Server to the latest patched version and monitor vendor security advisories.
Original NVD description (English source)
A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior.

