CVE Catalog
CVE-2026-11785
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk0.18%
8th percentile - higher than 8% of all known CVEs
Summary
A type confusion flaw was found in the SSO token extended operation handler of 389 Directory Server. It discloses partial stack address information in LDAP responses to authenticated users.
Risk Assessment
Disclosure of stack addresses may help an attacker bypass ASLR and facilitate further attacks on the server.
Recommendation
Immediately update 389 Directory Server to the latest version containing the fix for this vulnerability.
Original NVD description (English source)
A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users.

