CVE-2026-11787

Summary

A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-126: Buffer Over-read

Workarounds

No direct workaround addresses the code-level bug; network-level mitigations (proxies, WAFs, filter validation) do not apply. Mitigation measures to reduce exposure: restrict plugin configuration access (MEP originFilter, UID uniqueness nsUniqueAttribute, strict ACIs on cn=config); restrict Directory Manager access for ACI, MEP, or uniqueness plugin configuration; harden replication topology to restrict replication peers; monitor for anomalous search result sets that may indicate exploitation.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References