CVE-2026-11785

4.3 MEDIUM

A flaw was found in 389 Directory Server

Published: 2026-06-09 · Last updated: 2026-06-09

Severity and scoring

CVSS: 4.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-843

Description

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-45641 — Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally (8.4 HIGH)
CVE-2026-45635 — Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network (8.1 HIGH)
CVE-2026-45600 — Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate pri... (7.8 HIGH)
CVE-2026-45456 — Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally (8.4 HIGH)
CVE-2026-44817 — Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally (7.8 HIGH)