PatchSiren cyber security CVE debrief
CVE-2026-11788 Red Hat CVE debrief
A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.
- Vendor: Red Hat
- Product: Red Hat Directory Server 11
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-12
Who should care
Users of 389 Directory Server, particularly those with systems under memory pressure, should be aware of this vulnerability.
Technical summary
The CVE-2026-11788 vulnerability has a CVSS score of 5.9 and is classified as MEDIUM severity. It affects various versions of Red Hat Directory Server and Enterprise Linux. The vulnerability is caused by the dereference control plugin not checking for allocation failure before using a BER structure.
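The bug class described above (using a BER structure without first checking that its allocation succeeded) is shown below as an added example; it is not code from 389 Directory Server or from the vendor fix. The `demo_ber` type, the `demo_*` functions and the `demo_fail_alloc` fault-injection switch are hypothetical stand-ins that simulate memory pressure.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a BER element; NOT the 389 Directory Server type. */
typedef struct demo_ber { unsigned char buf[64]; size_t len; } demo_ber;

enum { DEMO_OK = 0, DEMO_NOMEM = -1 };

/* Hypothetical fault-injection switch: 1 simulates allocation failure. */
static int demo_fail_alloc = 0;

static demo_ber *demo_ber_alloc(void) {
    if (demo_fail_alloc) return NULL;      /* what malloc does under pressure */
    return calloc(1, sizeof(demo_ber));
}

/* Unchecked form: the pattern the advisory describes. If the allocation
 * fails, the write goes through a NULL pointer and the process crashes. */
int demo_encode_unchecked(const char *val) {
    demo_ber *ber = demo_ber_alloc();
    size_t n = strlen(val);
    if (n > sizeof(ber->buf)) n = sizeof(ber->buf);
    memcpy(ber->buf, val, n);              /* NULL dereference on failure */
    ber->len = n;
    free(ber);
    return DEMO_OK;
}

/* Checked form: fail this one request and keep the server running. */
int demo_encode_checked(const char *val) {
    demo_ber *ber = demo_ber_alloc();
    if (ber == NULL) return DEMO_NOMEM;    /* the missing check */
    size_t n = strlen(val);
    if (n > sizeof(ber->buf)) n = sizeof(ber->buf);
    memcpy(ber->buf, val, n);
    ber->len = n;
    free(ber);
    return DEMO_OK;
}

int main(void) {
    demo_fail_alloc = 1;                   /* simulate memory pressure */
    printf("checked form returned %d\n", demo_encode_checked("uid=demo"));
    return 0;
}
```

When reviewing a patched build or similar plugin code, the thing to look for is an error return between every allocation call and the first use of its result.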
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Monitor system memory pressure and LDAP server stability.
- Consider implementing additional security measures to prevent exploitation.
Evidence notes
The vulnerability is documented in the CVE record [cve-org] and detailed in the NVD entry [nvd].
Official resources
- CVE-2026-11788 CVE record: CVE.org
- CVE-2026-11788 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Issue Tracking, Vendor Advisory
- Source reference: [email protected] - Permissions Required
CVE-2026-11788 was published on 2026-06-09T14:16:36.940Z and modified on 2026-06-12T18:30:45.040Z.