CVE-2026-11786
LowCVSS 1.9Exploitation Probability (EPSS)
Low risk6th percentile — higher than 6% of all known CVEs
Summary
A flaw in 389 Directory Server's LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.
Risk Assessment
An attacker could exploit this vulnerability to read beyond the buffer, potentially leading to information disclosure or server instability.
Recommendation
Immediately update 389 Directory Server to the latest patched version and avoid importing untrusted LDIF files.
Original NVD description (English source)
A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.

