CVE-2026-11785 MEDIUM

CVE-2026-11785: 389-ds-base: partial stack address information leak via ber_printf type confusion in SSO token handler

Vendor Red Hat
Product Red Hat Directory Server 11
Weakness CWE-843
Published June 9, 2026
Last update June 9, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users.

Key dates

02 Disclosure timeline

June 9, 2026 CVE published
June 9, 2026 Record updated