389-ds-base: 389-ds-base: null pointer dereference in deref control plugin ber parser
CVE-2026-11788

5.9MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Directory Server 11; Red Hat Directory Server 12; Red Hat Directory Server 13; Red Hat Enterprise Linux 10
Vendor: CVE Published:; 9 June 2026

What is CVE-2026-11788?

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure.