Skip to main content

389 Directory Server EUVD-2026-35420

| CVE-2026-11788 HIGH
NULL Pointer Dereference (CWE-476)
2026-06-09 redhat GHSA-x2wj-4r98-4867
Denial Of Service Null Pointer Dereference Red Hat Directory Server 11 Red Hat Directory Server 12 Red Hat Directory Server 13 Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.9 MEDIUM

Network-reachable and unauthenticated, but exploitation depends on inducing a memory-allocation failure in the server, so AC:H; impact is availability-only crash of ns-slapd.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

10
Analysis Updated
Jun 12, 2026 - 18:43 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 12, 2026 - 18:43 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 12, 2026 - 18:37 vuln.today
cvss_changed
Severity Changed
Jun 12, 2026 - 18:37 NVD
MEDIUM HIGH
CVSS changed
Jun 12, 2026 - 18:37 NVD
5.9 (MEDIUM) 7.5 (HIGH)
Re-analysis Queued
Jun 12, 2026 - 18:37 vuln.today
cvss_changed
Severity Changed
Jun 12, 2026 - 18:37 NVD
MEDIUM HIGH
CVSS changed
Jun 12, 2026 - 18:37 NVD
5.9 (MEDIUM) 7.5 (HIGH)
Analysis Generated
Jun 09, 2026 - 13:52 vuln.today
CVE Published
Jun 09, 2026 - 13:02 nvd
MEDIUM 5.9

DescriptionNVD

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.

AnalysisAI

Remote denial of service in 389 Directory Server (Red Hat Directory Server 11/12/13 and Red Hat Enterprise Linux 6 through 10) allows unauthenticated network attackers to crash the LDAP daemon by exploiting an unchecked BER structure allocation in the dereference control plugin when the host is under memory pressure. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.09%, 25th percentile), but the unauthenticated network-reachable nature warrants prompt patching of internet-facing or business-critical directory services.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify exposed LDAP service
Delivery
Induce memory pressure on target host
Exploit
Send search with dereference control
Install
Trigger failed BER allocation
C2
NULL pointer dereference in plugin
Execute
ns-slapd process crashes
Impact
Directory service outage
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Requires network reachability to the 389 Directory Server LDAP/LDAPS listener (typically 389/tcp or 636/tcp) and the ability to send a search request invoking the dereference control plugin, which is enabled by default in 389-ds. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are coherent but mixed in priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated attacker with TCP reach to the LDAP listener sends a search request carrying the dereference control while the server is under memory pressure (which the attacker may amplify through concurrent expensive searches or sheer connection volume); a failed BER allocation returns NULL, the plugin dereferences it, and ns-slapd crashes, taking directory authentication and lookup services offline. No public exploit has been identified at time of analysis.
Remediation Patch available per vendor advisory - apply the Red Hat-provided 389-ds-base / redhat-ds package update for your platform once the corresponding RHSA is published (track https://access.redhat.com/security/cve/CVE-2026-11788 and Bugzilla 2485423 for the exact fixed version, which was not included in the input data). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all 389 Directory Server and Red Hat Directory Server 11, 12, 13 instances, with emphasis on those exposed to untrusted networks or the internet. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-11789 MEDIUM
6.5 Jun 09

Denial-of-service in Red Hat's 389 Directory Server allows a highly privileged network attacker to crash the LDAP servic
CVE-2026-11786 MEDIUM
6.5 Jun 09

Out-of-bounds read in 389 Directory Server's LDIF parser exposes limited heap memory to a highly privileged local attack
CVE-2026-11611 MEDIUM
6.5 Jun 08

Denial of service in Red Hat 389 Directory Server's Content Synchronization persistent search plugin enables authenticat
CVE-2026-11884 MEDIUM
6.5 Jun 10

Heap buffer overflow in Red Hat 389 Directory Server allows an authenticated Directory Manager or a compromised replicat
CVE-2026-11787 MEDIUM
6.3 Jun 09

Heap buffer over-read in Red Hat Directory Server's ldap_utf8prev() function exposes LDAP deployments to potential confi

Share

EUVD-2026-35420 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy