PatchSiren cyber security CVE debrief
CVE-2026-11787 Red Hat CVE debrief
A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior.
- Vendor: Red Hat
- Product: Red Hat Directory Server 11
- CVSS: MEDIUM 5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-12
Who should care
Users of Red Hat Directory Server, 389 Directory Server, and Red Hat Enterprise Linux 7, 8, 9, and 10 are affected by this vulnerability.
Technical summary
The vulnerability is caused by a flaw in the ldap_utf8prev() function, which reads bytes before the start of a buffer without bounds checking. This can cause a heap buffer over-read in string filter parsing, potentially influencing internal filter processing behavior.
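The bug class described above, as an added illustration (not 389 Directory Server source code and not the vendor's patch): a step-back-one-UTF-8-character helper that knows only the current position, beside a bounded form that takes the buffer start. Both function names, the two-argument signature and the sample buffers are assumptions made for this example.

```c
#include <stddef.h>

/* Unbounded pattern: only the current position is known, so the function
 * cannot tell where the buffer begins. Called with s at the first byte of
 * a heap allocation, *p reads the bytes in front of it. */
const char *utf8_prev_unbounded(const char *s)
{
    const unsigned char *p = (const unsigned char *)s;
    do {
        --p;
    } while ((*p & 0xC0) == 0x80); /* skip continuation bytes 10xxxxxx */
    return (const char *)p;
}

/* Bounded form (hypothetical signature): the caller passes the buffer
 * start. Returns NULL when no previous character exists and never reads
 * below start, even when the data begins with stray continuation bytes. */
const char *utf8_prev_bounded(const char *start, const char *s)
{
    if (start == NULL || s == NULL || s <= start)
        return NULL;
    const unsigned char *lo = (const unsigned char *)start;
    const unsigned char *p = (const unsigned char *)s - 1;
    int steps = 0; /* a UTF-8 character has at most 3 continuation bytes */
    while (p > lo && (*p & 0xC0) == 0x80 && steps < 3) {
        --p;
        ++steps;
    }
    return (const char *)p;
}

/* Constructed sample: 'a', U+00E9 (C3 A9), U+20AC (E2 82 AC). */
static const char sample[] = "a\xC3\xA9\xE2\x82\xAC";
/* Constructed malformed input: starts with two continuation bytes. */
static const char stray[] = "\x80\x80z";

int main(void)
{
    /* Stepping back from the end of each buffer stays inside it. */
    int ok = utf8_prev_bounded(sample, sample + 6) == sample + 3
          && utf8_prev_bounded(sample, sample) == NULL
          && utf8_prev_bounded(stray, stray + 2) == stray;
    return ok ? 0 : 1;
}
```

A filter parser that walks backward over a value would treat the NULL return as "start of string reached" instead of continuing to step back.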
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates provided by Red Hat to address the vulnerability.
- Refer to Red Hat's security advisory for CVE-2026-11787 for more information and mitigation steps: [ref-4].
- Review and track the issue on Red Hat's bugzilla: [ref-5].
Evidence notes
The CVE-2026-11787 vulnerability was published on 2026-06-09T14:16:36.773Z and modified on 2026-06-12T18:38:54.423Z. The vulnerability has a CVSS score of 5 and is classified as MEDIUM severity.
Official resources
- CVE-2026-11787 CVE record: CVE.org
- CVE-2026-11787 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: Vendor Advisory
- Mitigation or vendor reference: Issue Tracking, Vendor Advisory
- Source reference: Permissions Required