CVE-2026-11791
MEDIUM389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()
Title source: cnaDescription
A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while concurrent LDAP query traffic is active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash).
References (3)
Core 3
Core References
Vdb Entry, X_Refsource_Redhat vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-11791
Issue Tracking, X_Refsource_Redhat issue-tracking
x_refsource_redhat
RHBZ#2485414
https://bugzilla.redhat.com/show_bug.cgi?id=2485414
Scores
CVSS v3
5.0
EPSS
0.0021
EPSS Percentile
11.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-416
Status
published
Products (16)
Red Hat/Red Hat Directory Server 11
Red Hat/Red Hat Directory Server 12
Red Hat/Red Hat Directory Server 13
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
redhat/389_directory_server
redhat/directory_server
11.0
... and 6 more
Published
Jun 18, 2026
Tracked Since
Jun 18, 2026