CVE-2026-11791: Use After Free in Red Hat Red Hat Directory Server 11
A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while concurrent LDAP query traffic is active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash).
AI Analysis
Technical Summary
A use-after-free vulnerability exists in Red Hat Directory Server 11 within the attr_syntax_swap_ht() function during schema reload. This function unconditionally frees attribute syntax information nodes, bypassing the reference count-based deferred deletion mechanism used elsewhere. If an administrator triggers a schema reload while LDAP query traffic is active, worker threads may access memory that has already been freed, causing use-after-free or double-free conditions and leading to a denial of service (server crash). The vulnerability is documented as CVE-2026-11791 with a CVSS 3.1 base score of 5.0 (medium severity). The vendor advisory does not currently specify a patch or mitigation.
Potential Impact
Successful exploitation can cause denial of service by crashing the Red Hat Directory Server due to use-after-free or double-free memory errors triggered during schema reload under concurrent LDAP query load. There is no indication of confidentiality or integrity impact. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-11791 for current remediation guidance. Until a fix is available, avoid triggering schema reload operations during periods of active LDAP query traffic to reduce the risk of server crashes.
CVE-2026-11791: Use After Free in Red Hat Red Hat Directory Server 11
Description
A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while concurrent LDAP query traffic is active, worker threads may access freed memory, resulting in use-after-free or double-free and a denial of service (server crash).
CVSS v3.1
Score 5.0medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
A use-after-free vulnerability exists in Red Hat Directory Server 11 within the attr_syntax_swap_ht() function during schema reload. This function unconditionally frees attribute syntax information nodes, bypassing the reference count-based deferred deletion mechanism used elsewhere. If an administrator triggers a schema reload while LDAP query traffic is active, worker threads may access memory that has already been freed, causing use-after-free or double-free conditions and leading to a denial of service (server crash). The vulnerability is documented as CVE-2026-11791 with a CVSS 3.1 base score of 5.0 (medium severity). The vendor advisory does not currently specify a patch or mitigation.
Potential Impact
Successful exploitation can cause denial of service by crashing the Red Hat Directory Server due to use-after-free or double-free memory errors triggered during schema reload under concurrent LDAP query load. There is no indication of confidentiality or integrity impact. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-11791 for current remediation guidance. Until a fix is available, avoid triggering schema reload operations during periods of active LDAP query traffic to reduce the risk of server crashes.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-06-09T13:01:16.818Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-11791","vendor":"Red Hat"}]
Threat ID: 6a340cacf198dc38c1059176
Added to database: 6/18/2026, 3:20:12 PM
Last enriched: 6/18/2026, 3:36:24 PM
Last updated: 6/18/2026, 6:16:35 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.