CVE-2026-11786

Published: Jun 09, 2026
Last Modified: Jun 12, 2026
LOW 1.9
Attack Vector: local
Attack Complexity: high
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none

Description

A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.

EPSS (Exploit Prediction Scoring System)

Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.

EPSS Score: 0.0002
Percentile: 0.1th
CWE-125: Out-of-bounds Read

Draft
Common Consequences
Security Scopes Affected:
Confidentiality, Availability, Other
Potential Impacts:
Read Memory; Bypass Protection Mechanism; DoS: Crash, Exit, or Restart; Varies by Context
Applicable Platforms
Languages: Memory-Unsafe, C, C++
Technologies: ICS/OT
Operating System

Enterprise Linux by Redhat

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Directory Server by Redhat

cpe:2.3:a:redhat:directory_server:11.0:*:*:*:*:*:*:*
Operating System

Enterprise Linux by Redhat

cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
Application

Directory Server by Redhat

cpe:2.3:a:redhat:directory_server:13.0:*:*:*:*:*:*:*
Application

Directory Server by Redhat

cpe:2.3:a:redhat:directory_server:12.0:*:*:*:*:*:*:*
Operating System

389 Directory Server by Redhat

cpe:2.3:o:redhat:389_directory_server:-:*:*:*:*:*:*:*
Operating System

Enterprise Linux by Redhat

cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
Operating System

Enterprise Linux by Redhat

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
https://access.redhat.com/security/cve/CVE-2026-11786
https://bugzilla.redhat.com/show_bug.cgi?id=2485426
https://redhat.atlassian.net/browse/PSIRTSUPT-7600