PatchSiren cyber security CVE debrief
CVE-2026-11774 Red Hat CVE debrief
CVE-2026-11774 is a HIGH severity vulnerability in the SASL I/O layer of 389 Directory Server (389-ds-base). An integer overflow flaw in sasl_io_start_packet() can cause a heap buffer overflow of up to approximately 2 megabytes of attacker-controlled data in a session established by a successful SASL bind with integrity protection. This can lead to a Denial of Service (DoS) or to Remote Code Execution (RCE). In FreeIPA and Red Hat Identity Management deployments, any domain user with a valid Kerberos ticket, any enrolled host, or any service account can trigger this vulnerability over the network.
- Vendor: Red Hat
- Product: Red Hat Directory Server 11
- CVSS: HIGH 7.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-11
Who should care
Users of 389 Directory Server (389-ds-base), and in particular operators of FreeIPA and Red Hat Identity Management deployments, should treat this vulnerability as a priority and apply the recommended defensive actions below.
Technical summary
The vulnerability is caused by an integer overflow in the SASL I/O layer of 389 Directory Server. Specifically, adding sizeof(uint32_t) (4 bytes) to a crafted 32-bit SASL packet length prefix of 0xFFFFFFFC wraps the unsigned sum around to zero, so the nsslapd-maxsasliosize limit check passes and the subsequent handling of the packet overflows a heap buffer.
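The wraparound described above, as an added illustration that is not code from 389-ds-base: a hypothetical length check of the vulnerable shape beside an overflow-safe one, both run against a constructed 4-byte length prefix of 0xFFFFFFFC. The function names, the MAX_SASL_IO_SIZE constant (standing in for an nsslapd-maxsasliosize value) and the assumption that the limit is compared against packet length plus the 4-byte prefix are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for the nsslapd-maxsasliosize limit (2 MiB). */
#define MAX_SASL_IO_SIZE (2u * 1024u * 1024u)

/* SASL security-layer framing prefixes each packet with a 4-byte
 * big-endian length. Decode it from a raw buffer. */
uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable shape (hypothetical, not the real sasl_io_start_packet()):
 * the 4-byte header is added in 32-bit arithmetic BEFORE the comparison.
 * For packet_len == 0xFFFFFFFC the sum wraps to 0, which is <= any limit,
 * so the check accepts a length that is far larger than the buffer. */
bool length_check_wrapping(uint32_t packet_len, uint32_t max_io_size)
{
    uint32_t total = packet_len + (uint32_t)sizeof(uint32_t); /* may wrap */
    return total <= max_io_size;
}

/* Overflow-safe shape: widen to 64 bits before adding, so the sum cannot
 * wrap, and reject anything whose total exceeds the configured limit. */
bool length_check_safe(uint32_t packet_len, uint32_t max_io_size)
{
    uint64_t total = (uint64_t)packet_len + sizeof(uint32_t);
    return total <= (uint64_t)max_io_size;
}

/* Validate a raw prefix as a server would see it on the wire. */
bool accept_packet_safe(const unsigned char prefix[4], uint32_t max_io_size)
{
    return length_check_safe(read_be32(prefix), max_io_size);
}

int main(void)
{
    /* Constructed sample prefix: the 0xFFFFFFFC value named in the advisory. */
    const unsigned char crafted[4] = { 0xFF, 0xFF, 0xFF, 0xFC };
    uint32_t len = read_be32(crafted);

    printf("prefix 0x%08X: wrapping check %s, safe check %s\n", len,
           length_check_wrapping(len, MAX_SASL_IO_SIZE) ? "ACCEPTS" : "rejects",
           accept_packet_safe(crafted, MAX_SASL_IO_SIZE) ? "accepts" : "REJECTS");
    return 0;
}
```

The point to carry into code review: any bounds check of the form `len + header <= limit` on a fixed-width unsigned type is only sound if the addition itself cannot wrap; either widen the arithmetic or check `len <= limit - header` with the subtraction on the trusted side.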
Defensive priority
HIGH
Recommended defensive actions
- Apply the vendor-provided patches or updates that fix the integer overflow flaw in the SASL I/O layer.
- Restrict network access to the directory server so that only required clients can reach it, limiting exploitation attempts.
- Monitor the directory server and its hosts for suspicious activity.
Evidence notes
The CVE-2026-11774 record was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-11774). Additional information can be found at [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-11774), [ref-4](https://access.redhat.com/security/cve/CVE-2026-11774), [ref-5](https://bugzilla.redhat.com/show_bug.cgi?id=2484916), and [ref-6](https://redhat.atlassian.net/browse/PSIRTSUPT-7600).
Official resources
CVE-2026-11774 was published on 2026-06-11T19:16:37.853Z and modified on 2026-06-11T20:56:29.653Z.