CVE-2026-11785

Description

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

VENDOR_ADVISORYhttps://access.redhat.com/security/cve/CVE-2026-11785
MISChttps://bugzilla.redhat.com/show_bug.cgi?id=2485427
VENDOR_ADVISORYhttps://redhat.atlassian.net/browse/PSIRTSUPT-7600