What is CVE-2026-11790?

CVE-2026-11790 is a medium-severity vulnerability, classified under Uncontrolled Resource Consumption. CVSS score: 4.9/10. Published 2026-06-09.

How severe is CVE-2026-11790?

Medium severity. CVSS v3 base score is 4.9 out of 10.

CVE-2026-11790

CVE-2026-11790

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash c…

Vulnerability class: DoS (Denial of Service)

CVSS v3 metric

CVSS v3 base score 4.9 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H.

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

secalert@redhat.com
secalert@redhat.com
secalert@redhat.com

Frequently asked questions

What is CVE-2026-11790?: CVE-2026-11790 is a medium-severity vulnerability, classified under Uncontrolled Resource Consumption. CVSS score: 4.9/10. Published 2026-06-09.
How severe is CVE-2026-11790?: Medium severity. CVSS v3 base score is 4.9 out of 10.