CVE-2026-11791

MEDIUM

389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()

Title source: cna
STIX 2.1

Description

A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while concurrent LDAP query traffic is active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash).

References (3)

Core 3
Core References
Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-11791
Issue Tracking, X_Refsource_Redhat issue-tracking x_refsource_redhat
RHBZ#2485414
https://bugzilla.redhat.com/show_bug.cgi?id=2485414

Scores

CVSS v3 5.0
EPSS 0.0021
EPSS Percentile 11.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-416
Status published
Products (16)
Red Hat/Red Hat Directory Server 11
Red Hat/Red Hat Directory Server 12
Red Hat/Red Hat Directory Server 13
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
redhat/389_directory_server
redhat/directory_server 11.0
... and 6 more
Published Jun 18, 2026
Tracked Since Jun 18, 2026