CVE-2026-31798
Certificate Validation Flaw in JumpServer SMS API Enables MFA Code Interception
Publication date: 2026-03-13
Last updated on: 2026-03-18
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fit2cloud | jumpserver | up to 4.10.16 (excluding 4.10.16) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-31798 is a vulnerability in JumpServer's Custom SMS API client prior to version 4.10.16-lts. The issue is caused by improper validation of SSL/TLS certificates when JumpServer sends multi-factor authentication (MFA) or one-time password (OTP) codes via the Custom SMS API.
Because of this improper certificate validation, an attacker can perform a man-in-the-middle (MITM) attack by intercepting the HTTPS request that contains the OTP code before it reaches the user's phone.
This allows the attacker to capture the OTP and use it to bypass MFA, potentially logging in as the user without their knowledge. [1]
How can this vulnerability impact me?
This vulnerability can lead to account takeover by allowing attackers to intercept OTP codes and bypass multi-factor authentication.
- Attackers can silently access user accounts without the user receiving SMS notifications.
- Privilege escalation is possible if administrative accounts are targeted, potentially compromising the entire system.
Overall, it undermines the security of the authentication process and can lead to unauthorized access and control over sensitive systems.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves interception of OTP codes sent via HTTPS requests to the Custom SMS API client in JumpServer versions prior to v4.10.16-lts due to improper certificate validation.
Detection would involve monitoring network traffic for suspicious man-in-the-middle (MITM) activity, such as unexpected or invalid SSL/TLS certificates presented during HTTPS connections to the SMS API endpoint.
Specific commands are not provided in the available resources, but general approaches include using packet capture tools such as tcpdump or Wireshark to inspect the TLS handshake to the SMS API endpoint and verify the certificate chain it presents, or using OpenSSL (for example `openssl s_client`) to confirm that the SMS API server's certificate chains to a trusted CA and matches its hostname.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade JumpServer to version v4.10.16-lts or later, where the improper certificate validation issue in the Custom SMS API client has been fixed.
Until the upgrade can be applied, ensure that network communications to the SMS API are protected from MITM attacks by enforcing strict SSL/TLS certificate validation and using network security controls such as firewalls and intrusion detection systems.
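The mitigation above hinges on one setting: whether the HTTPS client that delivers the OTP actually validates the gateway's certificate. The following is an added illustration written for this page, not JumpServer's own code: it shows the CWE-295 client configuration next to a strictly validating one and a small audit function that flags the weak settings, so operators can check their own SMS-delivery code or integration scripts. `SMS_API_URL`, the request body fields and all function names are constructed placeholders; `send_otp` is only a minimal example of using the context and is not called by the audit.

```python
import json
import ssl
import urllib.request
from typing import List, Optional

# Constructed placeholder: the real SMS gateway URL is whatever the operator configured.
SMS_API_URL = "https://sms-gateway.example.invalid/send"


def weak_tls_context() -> ssl.SSLContext:
    """The CWE-295 pattern: hostname and chain checks are switched off.

    Any certificate, including one minted by an on-path attacker, is accepted,
    so whoever terminates the connection can read the request carrying the OTP.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_tls_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Strict validation: the chain must anchor in the trust store and the name must match.

    ca_bundle is optional; pass a private CA file when the gateway uses an internal
    PKI, otherwise the platform's default trust store is used.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the certificate-validation weaknesses in a context (empty list means none found)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: the certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: a valid certificate for a different host is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version permits TLS versions below 1.2")
    return findings


def send_otp(phone: str, code: str, ctx: ssl.SSLContext, url: str = SMS_API_URL) -> int:
    """POST an OTP to the gateway over a connection built from ctx; returns the HTTP status.

    With hardened_tls_context() a forged or mismatched certificate raises ssl.SSLError
    and the code never leaves the host; with weak_tls_context() it is sent regardless.
    """
    body = json.dumps({"to": phone, "text": f"Your verification code is {code}"}).encode()
    req = urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/json"}, method="POST"
    )
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    for name, ctx in (("weak", weak_tls_context()), ("hardened", hardened_tls_context())):
        print(f"{name}: {audit_tls_context(ctx) or ['no findings']}")
```

Running the audit against a client's `SSLContext` (or checking the equivalent `verify=` argument in libraries such as `requests`) is a quick way to confirm that an interim deployment is not relying on the disabled checks this CVE describes.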