CVE Catalog

CVE-2026-11785

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile - higher than 8% of all known CVEs

Summary

A type confusion flaw was found in the SSO token extended operation handler of 389 Directory Server. It discloses partial stack address information in LDAP responses to authenticated users.

Risk Assessment

Disclosure of stack addresses may help an attacker bypass ASLR and facilitate further attacks on the server.

Recommendation

Immediately update 389 Directory Server to the latest version containing the fix for this vulnerability.

Original NVD description (English source)

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS