CVE-2026-11611
Description
389 Directory Server's Content Synchronization plugin can cause denial of service via unbounded memory growth or crashes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Content Synchronization (syncrepl) persistent search plugin in 389 Directory Server is vulnerable to denial of service. An authenticated client can open a persistent sync search and then stop reading responses; modification events then queue without limit, and memory grows unbounded until it is exhausted and the server crashes. Additional race conditions in the plugin's thread lifecycle can cause crashes during connection teardown or shutdown. The vulnerable code has been present since the plugin's introduction [2].
Exploitation
An attacker needs to be an authenticated client. The attacker opens a persistent sync search and then stops reading the responses. This triggers the unbounded queue growth. Race conditions leading to crashes can occur during connection teardown or server shutdown [2].
Impact
Successful exploitation can lead to a denial of service due to memory exhaustion and server crashes. The scope of the compromise is the availability of the 389 Directory Server instance [2].
Mitigation
No upstream fix is available as of 2026-04-22. The vulnerable code has been present since the plugin's introduction. Affected versions are not explicitly listed, but the issue is confirmed on UBI 8 and CentOS Stream 8 production binaries [2].
AI Insight generated on Jun 8, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References: 3
News mentions: 0
No linked articles in our index yet.