389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions
CVE-2026-11611

6.5MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Directory Server 11
Red Hat Directory Server 12
Red Hat Directory Server 13
Red Hat Enterprise Linux 10
Vendor
CVE Published:
8 June 2026

What is CVE-2026-11611?

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.

References

https://access.redhat.com/security/cve/CVE-2026-11611
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2485424
issue-trackingx_refsource_REDHAT
https://redhat.atlassian.net/browse/PSIRTSUPT-7600

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.