CVE-2026-9064
HIGHRed Hat Directory Server - LDAP Controls Denial of Service
Title source: manualDescription
A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls within the default maximum BER message size (2 MB), causing excessive CPU consumption and heap allocation on the server. Under concurrent exploitation, this leads to significant latency degradation, worker thread starvation, or out-of-memory termination, resulting in a denial of service.
References (20)
Core 20
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26452
https://access.redhat.com/errata/RHSA-2026:26452
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26453
https://access.redhat.com/errata/RHSA-2026:26453
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26454
https://access.redhat.com/errata/RHSA-2026:26454
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26455
https://access.redhat.com/errata/RHSA-2026:26455
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26456
https://access.redhat.com/errata/RHSA-2026:26456
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26457
https://access.redhat.com/errata/RHSA-2026:26457
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26458
https://access.redhat.com/errata/RHSA-2026:26458
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26459
https://access.redhat.com/errata/RHSA-2026:26459
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26460
https://access.redhat.com/errata/RHSA-2026:26460
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26461
https://access.redhat.com/errata/RHSA-2026:26461
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26463
https://access.redhat.com/errata/RHSA-2026:26463
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26464
https://access.redhat.com/errata/RHSA-2026:26464
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26465
https://access.redhat.com/errata/RHSA-2026:26465
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26639
https://access.redhat.com/errata/RHSA-2026:26639
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26597
https://access.redhat.com/errata/RHSA-2026:26597
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:26599
https://access.redhat.com/errata/RHSA-2026:26599
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:27125
https://access.redhat.com/errata/RHSA-2026:27125
Vdb Entry, X_Refsource_Redhat vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-9064
Issue Tracking, X_Refsource_Redhat issue-tracking
x_refsource_redhat
RHBZ#2480093
https://bugzilla.redhat.com/show_bug.cgi?id=2480093
Scores
CVSS v3
7.5
EPSS
0.0081
EPSS Percentile
52.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (37)
Red Hat/Red Hat Directory Server 11
Red Hat/Red Hat Directory Server 11.5 E4S for RHEL 8
8060020260609102432.0ca98e7e
Red Hat/Red Hat Directory Server 11.7 E4S for RHEL 8
8080020260610130252.f969626e
Red Hat/Red Hat Directory Server 11.9 for RHEL 8
8100020260601104139.37ed7c03
Red Hat/Red Hat Directory Server 12
Red Hat/Red Hat Directory Server 12.2 E4S for RHEL 9
9020020260615123354.1674d574
Red Hat/Red Hat Directory Server 12.4 E4S for RHEL 9
9040020260611130021.1674d574
Red Hat/Red Hat Directory Server 13
Red Hat/Red Hat Directory Server 13.2
1781714123
Red Hat/Red Hat Enterprise Linux 10
... and 27 more
Published
May 20, 2026
Tracked Since
May 20, 2026