CVE-2026-11611 - Vulnerability Details

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat	Directory Server Enterprise Linux Redhat Directory Server

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2026-11611
https://bugzilla.redhat.com/show_bug.cgi?id=2485424
https://redhat.atlassian.net/browse/PSIRTSUPT-7600

History

Tue, 09 Jun 2026 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 09 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat redhat Directory Server
Vendors & Products		Redhat redhat Directory Server

Mon, 08 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.
Title		389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions
First Time appeared		Redhat Redhat directory Server Redhat enterprise Linux
Weaknesses		CWE-400
CPEs		cpe:/a:redhat:directory_server:11 cpe:/a:redhat:directory_server:12 cpe:/a:redhat:directory_server:13 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat directory Server Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2026-11611 https://bugzilla.redhat.com/show_bug.cgi?id=2485424 https://redhat.atlassian.net/browse/PSIRTSUPT-7600
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-06-08T16:17:59.532Z

Updated: 2026-06-09T14:35:36.842Z

Reserved: 2026-06-08T16:14:20.086Z

Link: CVE-2026-11611

Vulnrichment

Updated: 2026-06-09T14:29:02.824Z

NVD

Status : Awaiting Analysis

Published: 2026-06-08T17:16:40.930

Modified: 2026-06-09T02:08:28.150

Link: CVE-2026-11611

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object