PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11789 Red Hat CVE debrief

CVE-2026-11789 is a MEDIUM-severity vulnerability affecting 389 Directory Server. The SMD5 password storage plugin is vulnerable to an unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes. This causes a buffer over-read that crashes the LDAP server during authentication.

Vendor
Red Hat
Product
Red Hat Directory Server 11
CVSS
MEDIUM 4.9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-09
Original CVE updated
2026-06-12
Advisory published
2026-06-09
Advisory updated
2026-06-12

Who should care

Users of 389 Directory Server, and in particular deployments that store passwords with the SMD5 scheme, should be aware of this vulnerability. This includes administrators of Red Hat Directory Server 11 (the product named in the advisory) and of Red Hat Enterprise Linux hosts that run 389 Directory Server. Because the crash is triggered by a stored, crafted hash value, the practical exposure depends on who is allowed to write password values into the directory.

Technical summary

An SMD5 (salted MD5) userPassword value is the base64 encoding of a 16-byte MD5 digest followed by the salt, so the plugin derives the salt length by subtracting 16 from the decoded length. The SMD5 password storage plugin in 389 Directory Server performs that subtraction on an unsigned value without first checking that the decoded hash is at least 16 bytes long. A crafted stored hash shorter than 16 bytes therefore makes the computed salt length wrap to a very large unsigned number, and the comparison that follows reads past the end of the decoded buffer. The impact described in the advisory is a crash of the LDAP server during authentication, that is, a denial of service.
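The length arithmetic at the heart of this bug, shown as an added C example rather than code from 389 Directory Server: a minimal parser for {SMD5} values with the unchecked salt-length computation placed beside a hardened version that rejects short payloads before subtracting. The base64 decoder, the function names, the exact-match prefix handling and the two sample values (a well-formed 20-byte digest-plus-salt and a constructed payload that decodes to only 8 bytes) are assumptions made for this example; the 16-byte figure is the MD5 digest length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MD5_DIGEST_LEN 16          /* an MD5 digest is always 16 bytes */
#define SMD5_PREFIX    "{SMD5}"    /* scheme tag as stored in userPassword */

/* Map one base64 character to its 6-bit value, or -1 if invalid. */
static int b64_val(char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Minimal strict base64 decoder (assumed for this example, not the
 * server's own). Returns the decoded length, or -1 on malformed input. */
static long b64_decode(const char *in, unsigned char *out, size_t outcap)
{
    size_t n = strlen(in);
    long olen = 0;
    if (n == 0 || n % 4 != 0) return -1;
    for (size_t i = 0; i < n; i += 4) {
        int v[4], pad = 0;
        for (int k = 0; k < 4; k++) {
            char c = in[i + k];
            if (c == '=') {
                /* '=' is only valid in the last one or two positions of the final quad */
                if (k < 2 || i + 4 != n || (k == 2 && in[i + 3] != '=')) return -1;
                pad++;
                v[k] = 0;
            } else {
                if (pad) return -1;
                v[k] = b64_val(c);
                if (v[k] < 0) return -1;
            }
        }
        uint32_t trip = ((uint32_t)v[0] << 18) | ((uint32_t)v[1] << 12) |
                        ((uint32_t)v[2] << 6)  |  (uint32_t)v[3];
        int bytes = 3 - pad;
        if ((size_t)olen + (size_t)bytes > outcap) return -1;
        out[olen++] = (unsigned char)(trip >> 16);
        if (bytes > 1) out[olen++] = (unsigned char)(trip >> 8);
        if (bytes > 2) out[olen++] = (unsigned char)trip;
    }
    return olen;
}

/* Vulnerable pattern: unsigned subtraction with no lower-bound check.
 * For decoded_len < 16 the result wraps to a huge size_t, and any
 * memcmp()/memcpy() that later trusts it reads far past the buffer. */
size_t smd5_salt_len_unchecked(size_t decoded_len)
{
    return decoded_len - MD5_DIGEST_LEN;
}

/* Hardened: a payload shorter than one full digest cannot carry a salt,
 * so it is rejected before any length arithmetic happens. */
long smd5_salt_len_checked(size_t decoded_len)
{
    if (decoded_len < MD5_DIGEST_LEN) return -1;
    return (long)(decoded_len - MD5_DIGEST_LEN);
}

/* Parse a stored "{SMD5}<base64>" value. Returns the salt length (>= 0)
 * for a well-formed value, or -1 if the prefix is wrong, the base64 is
 * malformed, or the decoded payload is shorter than an MD5 digest. */
long smd5_parse(const char *stored)
{
    unsigned char buf[256];
    size_t plen = strlen(SMD5_PREFIX);
    if (strncmp(stored, SMD5_PREFIX, plen) != 0) return -1;
    long decoded = b64_decode(stored + plen, buf, sizeof buf);
    if (decoded < 0) return -1;
    return smd5_salt_len_checked((size_t)decoded);
}

int main(void)
{
    /* Constructed samples: a well-formed value (16 zero digest bytes + "salt")
     * and a crafted value whose payload decodes to only 8 bytes. */
    const char *good = "{SMD5}AAAAAAAAAAAAAAAAAAAAAHNhbHQ=";
    const char *bad  = "{SMD5}AAAAAAAAAAA=";
    unsigned char tmp[256];

    printf("good: salt_len=%ld\n", smd5_parse(good));   /* 4 */
    printf("bad (checked): %ld\n", smd5_parse(bad));    /* -1 */
    long short_len = b64_decode(bad + strlen(SMD5_PREFIX), tmp, sizeof tmp);
    printf("bad (unchecked): decoded=%ld salt_len=%zu\n",
           short_len, smd5_salt_len_unchecked((size_t)short_len));
    return 0;
}
```

The unchecked function is the shape of the bug: nothing in it is wrong for inputs the encoder would ever produce, which is why the missing bound is easy to miss in review. The fix is the single comparison in the checked version, placed before the subtraction rather than after it.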

Defensive priority

MEDIUM

Recommended defensive actions

  • Apply the Red Hat update for Red Hat Directory Server 11, and any corresponding 389 Directory Server package updates on affected hosts, as soon as they are available.
  • Restrict LDAP access to trusted users and networks, and in particular limit which accounts and clients may write password attributes, since the crash requires a crafted hash value to be stored in the directory.
  • Monitor for unexpected LDAP server crashes and restarts during bind processing, and for password-attribute writes by principals that do not normally perform them.

Evidence notes

The vulnerability is tracked by Red Hat as CVE-2026-11789 with a CVSS score of 4.9, which is rated MEDIUM severity.

Official resources

CVE-2026-11789 was published on 2026-06-09T14:16:37.070Z and modified on 2026-06-12T18:30:21.810Z.