CVE-2026-11611

MEDIUM

389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions

Title source: cna

Description

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.

References (3)

Core 3

Core References

Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2026-11611

Issue Tracking, X_Refsource_Redhat issue-tracking x_refsource_redhat

RHBZ#2485424

https://bugzilla.redhat.com/show_bug.cgi?id=2485424

https://redhat.atlassian.net/browse/PSIRTSUPT-7600

Scores

CVSS v3 6.5

EPSS 0.0029

EPSS Percentile 21.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (16)

Red Hat/Red Hat Directory Server 11

Red Hat/Red Hat Directory Server 12

Red Hat/Red Hat Directory Server 13

Red Hat/Red Hat Enterprise Linux 10

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

Red Hat/Red Hat Enterprise Linux 8

Red Hat/Red Hat Enterprise Linux 9

redhat/389_directory_server

redhat/directory_server 11.0

... and 6 more

Published Jun 08, 2026

Tracked Since Jun 08, 2026