CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-11787

A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.0%

CVSS Severity

CVSS v3 Score 5.0

References

Products affected by CVE-2026-11787

Redhat » Directory Server » Version: 11.0

cpe:2.3:a:redhat:directory_server:11.0
Redhat » Directory Server » Version: 12.0

cpe:2.3:a:redhat:directory_server:12.0
Redhat » Directory Server » Version: 13.0

cpe:2.3:a:redhat:directory_server:13.0
Redhat » 389 Directory Server » Version: N/A

cpe:2.3:o:redhat:389_directory_server:-
Redhat » Enterprise Linux » Version: 10.0

cpe:2.3:o:redhat:enterprise_linux:10.0
Redhat » Enterprise Linux » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux:7.0
Redhat » Enterprise Linux » Version: 8.0

cpe:2.3:o:redhat:enterprise_linux:8.0
Redhat » Enterprise Linux » Version: 9.0

cpe:2.3:o:redhat:enterprise_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-11787

Products

Pricing

Contact Us