CVE-2026-11788
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk27th percentile - higher than 27% of all known CVEs
Summary
A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.
Risk Assessment
An attacker can remotely crash the LDAP server, causing directory service disruption and potential unavailability of dependent systems.
Recommendation
Immediately update 389 Directory Server to the latest patched version and monitor system memory pressure.
Original NVD description (English source)
A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.

