Home

Description

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users.

PUBLISHED Reserved 2026-06-09 | Published 2026-06-09 | Updated 2026-06-09 | Assigner redhat




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

Access of Resource Using Incompatible Type ('Type Confusion')

Product status

Default status
unaffected

Default status
affected

Default status
affected

Default status
affected

Default status
unaffected

Default status
unaffected

Default status
unaffected

Default status
affected

Timeline

2026-04-16:Reported to Red Hat.
2026-04-16:Made public.

References

access.redhat.com/security/cve/CVE-2026-11785 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2485427 (RHBZ#2485427) issue-tracking

redhat.atlassian.net/browse/PSIRTSUPT-7600

cve.org (CVE-2026-11785)

nvd.nist.gov (CVE-2026-11785)

Download JSON