Home

Description

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.

PUBLISHED Reserved 2026-06-08 | Published 2026-06-08 | Updated 2026-06-09 | Assigner redhat




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

Uncontrolled Resource Consumption

Product status

Default status
affected

Default status
affected

Default status
affected

Default status
affected

Default status
unaffected

Default status
affected

Default status
affected

Default status
affected

Timeline

2026-04-16:Reported to Red Hat.
2026-04-16:Made public.

References

access.redhat.com/security/cve/CVE-2026-11611 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2485424 (RHBZ#2485424) issue-tracking

redhat.atlassian.net/browse/PSIRTSUPT-7600

cve.org (CVE-2026-11611)

nvd.nist.gov (CVE-2026-11611)

Download JSON