CVE Catalog

CVE-2026-11611

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile - higher than 15% of all known CVEs

Summary

A flaw in 389 Directory Server's Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.

Risk Assessment

The risk is a potential DoS attack by sending sync requests and ceasing to read responses, exhausting server memory and causing unavailability. Race condition crashes may disrupt directory services.

Recommendation

Immediately update 389 Directory Server to the latest version containing fixes for CVE-2026-11611. Until patched, restrict access to trusted clients and monitor memory usage.

Original NVD description (English source)

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS