CVE-2026-11791— 389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()
Possible ATT&CK Techniques 1AI
T1211 · Exploitation for StealthAffected Version Matrix 8
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Directory Server 11 | any | affected |
| Red Hat | Red Hat Directory Server 12 | any | affected |
| Red Hat | Red Hat Directory Server 13 | any | affected |
| Red Hat | Red Hat Enterprise Linux 10 | any | affected |
| Red Hat | Red Hat Enterprise Linux 6 | any | unaffected |
| Red Hat | Red Hat Enterprise Linux 7 | any | affected |
| Red Hat | Red Hat Enterprise Linux 8 | any | affected |
| Red Hat | Red Hat Enterprise Linux 9 | any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-11791
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while concurrent LDAP query traffic is active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash).
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
释放后使用
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Directory Server 11 | - | cpe:/a:redhat:directory_server:11 | |
| Red Hat | Red Hat Directory Server 12 | - | cpe:/a:redhat:directory_server:12 | |
| Red Hat | Red Hat Directory Server 13 | - | cpe:/a:redhat:directory_server:13 | |
| Red Hat | Red Hat Enterprise Linux 10 | - | cpe:/o:redhat:enterprise_linux:10 | |
| Red Hat | Red Hat Enterprise Linux 6 | - | cpe:/o:redhat:enterprise_linux:6 | |
| Red Hat | Red Hat Enterprise Linux 7 | - | cpe:/o:redhat:enterprise_linux:7 | |
| Red Hat | Red Hat Enterprise Linux 8 | - | cpe:/o:redhat:enterprise_linux:8 | |
| Red Hat | Red Hat Enterprise Linux 9 | - | cpe:/o:redhat:enterprise_linux:9 |
II. Public POCs for CVE-2026-11791
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-11791
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-11791 (2)
Other References for CVE-2026-11791 (1)
IV. Related Vulnerabilities
Same product: Red Hat Directory Server 11
- CVE-2026-12528
389-ds-base: 389-ds-base: heap-buffer-overflows in __aclp__n - CVE-2026-11774
389-ds-base: 389-ds-base: integer overflow in sasl packet le - CVE-2026-11884
389-ds-base: 389-ds-base: heap buffer overflow in schema obj - CVE-2026-11792
389-ds-base: 389-ds-base: heap buffer overflow in audit log - CVE-2026-11793
389-ds-base: 389-ds-base: stack buffer overflow in checkpref
Same vendor: Red Hat
- CVE-2026-12726
Awx: automation-controller: awx: github webhook second-order - CVE-2026-56211
Libaom: libaom: remote code execution via svc layer context - CVE-2026-56210
Libaom: libaom: heap-buffer-overflow read via missing bounds - CVE-2026-56208
Libaom: libaom: heap buffer overflow in av1 encoder first-pa - CVE-2026-56209
Libaom: libaom: arbitrary address write via svc layer contex
Same weakness: CWE-416
- CVE-2026-12706
Ffmpeg: ffmpeg: heap use-after-free read in rasc decoder dec - CVE-2026-11941
Use-after-free in connection ID iterator and FFI functions - CVE-2026-41156
GPU DDK - kernel<->fw CCB contains SYNC_PRIMITIVE_BLOCK firm - CVE-2026-34192
GPU DDK - _MMU_AllocLevel error recovery paths leave danglin - CVE-2026-56131
libexpat < 2.8.2 存在Use-After-Free漏洞
V. Comments for CVE-2026-11791
No comments yet