CVE-2026-32295
Brute-Force Vulnerability in JetKVM Login Due to Missing Rate Limiting
Publication date: 2026-03-17
Last updated on: 2026-04-10
Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jetkvm | kvm | to 0.5.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can allow an attacker to gain unauthorized access by successfully guessing login credentials through brute-force attempts.
This can lead to a complete compromise of confidentiality since the CVSS v3.1 score indicates high impact on confidentiality (C:H) with no impact on integrity or availability.
What immediate steps should I take to mitigate this vulnerability?
I don't know
Can you explain this vulnerability to me?
This vulnerability exists in JetKVM versions before 0.5.4 where the software does not implement rate limiting on login requests.
Because of this lack of rate limiting, attackers can perform brute-force attacks by repeatedly attempting to guess user credentials without restriction.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know