A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). After a successful SASL bind with integrity protection (SSF > 0), an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer without a bounds check in sasl_io_recv() in sasl_io.c. This allows up to approximately 2 megabytes of attacker-controlled data to overflow the buffer, causing a denial of service (server crash). In FreeIPA and Red Hat Identity Management deployments, any domain user with a valid Kerberos ticket, any enrolled host, or any service account can trigger this vulnerability over the network after authenticating via GSSAPI. The vulnerable code path has existed since approximately 2013 (389-ds-base 1.3.2) and was not addressed by the CVE-2025-14905 fix, which patched a separate heap overflow in schema.c only.
CVE-2026-11610
Score 8.8 from GitHub Security Advisory (severity: HIGH) published 2026-07-07. a secondary CVSS source baseline 8.8; sources differ by 0.0.
- High severity, but no confirmed exploitation yet
A fix is available — apply it.
- CVSS v3
- 8.8
- EG Score
- 8.8(high)
- EPSS
- 45.8%
- KEV
- Not listed
Published
July 7, 2026
Last Modified
July 8, 2026
Advisory Details (2)
Auto-updated Jul 7, 20262484414 – (CVE-2026-11610) CVE-2026-11610 389-ds-base: 389-ds-base: Heap buffer overflow in sasl_io_recv() via padded SASL UNBIND
https://bugzilla.redhat.com/show_bug.cgi?id=2484414Vendor Advisories for CVE-2026-11610(18)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
- RHSA-2026:36671Red Hat Product SecurityHigh
Red Hat Security Advisory: 389-ds-base security update
- RHSA-2026:36670Red Hat Product SecurityHigh
Red Hat Security Advisory: 389-ds-base security update
- RHSA-2026:36660Red Hat Product SecurityHigh
Red Hat Security Advisory: Red Hat Directory Server 13.2 container image update
- RHSA-2026:36641Red Hat Product SecurityHigh
Red Hat Security Advisory: redhat-ds:12 security update
- RHSA-2026:36585Red Hat Product SecurityHigh
Red Hat Security Advisory: 389-ds-base security update
- RHSA-2026:36201Red Hat Product SecurityHigh
Red Hat Security Advisory: 389-ds:1.4 security update
- RHSA-2026:36202Red Hat Product SecurityHigh
Red Hat Security Advisory: 389-ds:1.4 security update
- RHSA-2026:36205Red Hat Product SecurityHigh
Red Hat Security Advisory: 389-ds-base security update
- +10 more
Patch Availability(17)
Patches are aggregated from vendor advisories (Red Hat, Microsoft, Cisco, GitHub) and package ecosystems (OSV, GHSA). Multiple rows for the same upstream release have been deduplicated.
Frequently asked(5)
What is CVE-2026-11610?
When was CVE-2026-11610 disclosed?
Is CVE-2026-11610 actively exploited?
What is the CVSS score of CVE-2026-11610?
How do I remediate CVE-2026-11610?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2026-11610
Is Your Infrastructure Affected by CVE-2026-11610?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.