CVE Catalog

CVE-2026-12528

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile — higher than 13% of all known CVEs

Summary

A flaw was found in 389 Directory Server in the __aclp__normalize_acltxt() function of aclparse.c. A malformed ACI string can trigger heap-buffer-overflow writes and reads during ACI parsing due to insufficient validation of keyword length after whitespace stripping.

Risk Assessment

An authenticated user with write access to the aci attribute could send a crafted ACI value to silently corrupt heap memory in the directory server process, potentially leading to unpredictable behavior or privilege escalation.

Recommendation

Update 389 Directory Server to the latest patched version immediately. Until the update is applied, restrict write access to the aci attribute to trusted users only.

Original NVD description (English source)

A flaw was found in 389 Directory Server in the __aclp__normalize_acltxt() function of aclparse.c. A malformed ACI (Access Control Instruction) string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after whitespace stripping, leading to a 1-byte out-of-bounds write and subsequent out-of-bounds reads. An authenticated user with write access to the aci attribute could send a crafted ACI value to silently corrupt heap memory in the directory server process.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS