Vulnerability Details CVE-2026-11785
A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.0%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2026-11785
-
cpe:2.3:a:redhat:directory_server:12.0
-
cpe:2.3:a:redhat:directory_server:13.0
-
cpe:2.3:o:redhat:389_directory_server:-
-
cpe:2.3:o:redhat:enterprise_linux:10.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0