CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-11789

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.0%

CVSS Severity

CVSS v3 Score 4.9

References

Products affected by CVE-2026-11789

Redhat » Directory Server » Version: 11.0

cpe:2.3:a:redhat:directory_server:11.0
Redhat » Directory Server » Version: 12.0

cpe:2.3:a:redhat:directory_server:12.0
Redhat » Directory Server » Version: 13.0

cpe:2.3:a:redhat:directory_server:13.0
Redhat » 389 Directory Server » Version: N/A

cpe:2.3:o:redhat:389_directory_server:-
Redhat » Enterprise Linux » Version: 10.0

cpe:2.3:o:redhat:enterprise_linux:10.0
Redhat » Enterprise Linux » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux:7.0
Redhat » Enterprise Linux » Version: 8.0

cpe:2.3:o:redhat:enterprise_linux:8.0
Redhat » Enterprise Linux » Version: 9.0

cpe:2.3:o:redhat:enterprise_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-11789

Products

Pricing

Contact Us