CVE-2026-11611

6.5 MEDIUM

A flaw was found in 389 Directory Server

Published: 2026-06-08 · Last updated: 2026-06-09

Severity and scoring

CVSS: 6.5 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400

Description

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-47734 — Dulwich is a pure-Python implementation of the Git file formats and protocols (5.7 MEDIUM)
CVE-2026-46689 — Kanidm is an identity management platform
CVE-2026-46679 — libp2p is a JavaScript Implementation of libp2p networking stack (7.5 HIGH)
CVE-2026-46522 — ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)
CVE-2026-45783 — libp2p is a JavaScript Implementation of libp2p networking stack (7.5 HIGH)