CVE Catalog

CVE-2026-11788

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile - higher than 27% of all known CVEs

Summary

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.

Risk Assessment

An attacker can remotely crash the LDAP server, causing directory service disruption and potential unavailability of dependent systems.

Recommendation

Immediately update 389 Directory Server to the latest patched version and monitor system memory pressure.

Original NVD description (English source)

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS