CVE-2026-1290
Authentication Bypass in Jamf Pro
Publication date: 2026-01-21
Last updated on: 2026-01-21
Assigner: JAMF
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jamf | jamf_pro | From 11.20 (inc) to 11.24 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-305 | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Authentication Bypass by Primary Weakness in Jamf Jamf Pro versions from 11.20 through 11.24. It allows an attacker to bypass authentication mechanisms, potentially gaining unauthorized access to the system.
How can this vulnerability impact me? :
The impact of this vulnerability is unspecified, but since it involves authentication bypass, it could allow unauthorized users to access protected resources or perform actions without proper credentials, potentially compromising system security.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Jamf Pro to version 11.24.0 or later, as this version includes resolved issues related to the vulnerability. [1]