CVE-2026-11791
MediumCVSS 5.0Exploitation Probability (EPSS)
Low risk16th percentile — higher than 16% of all known CVEs
Summary
A flaw in 389 Directory Server causes the attr_syntax_swap_ht() function to unconditionally free attribute syntax information nodes during schema reload, bypassing the refcount-based deferred deletion. If an administrator triggers schema reload while concurrent LDAP queries are active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash).
Risk Assessment
The risk is a potential denial of service where an attacker or administrator action can crash the directory server by combining schema reload with active LDAP queries, disrupting authentication and data access services.
Recommendation
Update 389 Directory Server to the latest patched version immediately. Until patched, avoid schema reloads during periods of high LDAP query activity.
Original NVD description (English source)
A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while concurrent LDAP query traffic is active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash).

