CVE-2026-11791 - Vulnerability Details

A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while concurrent LDAP query traffic is active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash).

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Directory Server Enterprise Linux

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2026-11791
https://bugzilla.redhat.com/show_bug.cgi?id=2485414
https://redhat.atlassian.net/browse/PSIRTSUPT-7600

History

Thu, 18 Jun 2026 17:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 18 Jun 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while concurrent LDAP query traffic is active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash).
Title		389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()
First Time appeared		Redhat Redhat directory Server Redhat enterprise Linux
Weaknesses		CWE-416
CPEs		cpe:/a:redhat:directory_server:11 cpe:/a:redhat:directory_server:12 cpe:/a:redhat:directory_server:13 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat directory Server Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2026-11791 https://bugzilla.redhat.com/show_bug.cgi?id=2485414 https://redhat.atlassian.net/browse/PSIRTSUPT-7600
Metrics		cvssV3_1 `{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-06-18T14:44:32.350Z

Updated: 2026-06-18T15:24:19.371Z

Reserved: 2026-06-09T13:01:16.818Z

Link: CVE-2026-11791

Vulnrichment

Updated: 2026-06-18T15:24:15.461Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T18:00:11Z

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object