redhat directory-server CVE-2026-11785 vulnerability in Red Hat Products
Published on June 9, 2026

389-ds-base: 389-ds-base: partial stack address information leak via ber_printf type confusion in sso token handler
A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users.

NVD

Vulnerability Analysis

CVE-2026-11785 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Timeline

Reported to Red Hat.

Made public.

Weakness Type

What is an Object Type Confusion Vulnerability?

The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

CVE-2026-11785 has been classified to as an Object Type Confusion vulnerability or weakness.


Products Associated with CVE-2026-11785

stack.watch emails you whenever new vulnerabilities are published in Red Hat Directory Server or Red Hat Enterprise Linux (RHEL). Just hit a watch button to start following.

Red Hat Directory Server
 
Red Hat Enterprise Linux (RHEL)
 

Affected Versions

Red Hat Directory Server 11: Red Hat Directory Server 12: Red Hat Directory Server 13: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: