CVE-2026-11611 MEDIUM

CVE-2026-11611: 389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions

Vendor Red Hat
Product Red Hat Directory Server 11
Weakness CWE-400
Published June 8, 2026
Last update June 9, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.

Key dates

02Disclosure timeline

June 8, 2026 CVE published
June 9, 2026 Record updated