PatchSiren cyber security CVE debrief
CVE-2026-11785 Red Hat CVE debrief
CVE-2026-11785 is a medium-severity vulnerability in Red Hat Directory Server. A type confusion in the SSO token extended operation handler discloses partial stack address information in LDAP responses to authenticated users. The vulnerability has a CVSS score of 4.3 and was published on 2026-06-09 ([CVE record](https://www.cve.org/CVERecord?id=CVE-2026-11785)).
- Vendor: Red Hat
- Product: Red Hat Directory Server 11
- CVSS: MEDIUM 4.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-12
Who should care
Users of Red Hat Directory Server 12.0, 13.0, and 389 Directory Server, as well as Red Hat Enterprise Linux 9.0 and 10.0, should apply patches or mitigations.
Technical summary
The vulnerability is caused by a type confusion in the SSO token extended operation handler. This confusion leads to the disclosure of partial stack address information in LDAP responses to authenticated users.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or mitigations provided by Red Hat.
- Review and update configurations according to Red Hat's recommendations.
Evidence notes
Evidence from NVD and Red Hat indicates a type confusion vulnerability in Red Hat Directory Server.
Official resources
- CVE-2026-11785 CVE record: CVE.org
- CVE-2026-11785 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Issue Tracking, Vendor Advisory
- Source reference: [email protected] - Permissions Required
CVE-2026-11785 was published on 2026-06-09T14:16:36.483Z and modified on 2026-06-12T18:47:30.467Z.