CVE-2026-48916
Analyzed - Analysis Complete
LDAP Referral Following in Jenkins LDAP Plugin

Publication date: 2026-05-27

Last updated on: 2026-06-02

Assigner: Jenkins Project

Description
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products (2 associated CPEs)
Vendor    Product    Version / Range
jenkins   ldap       up to and including 793.v754d6b_41b_ea_4
jenkins   ldap       807.v7d7de30930cf
CWE
CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how CVE-2026-48916 affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals returned by the directory server. The plugin's JNDI-based LDAP client follows a referral to whatever URL it names, so a referral chosen by an attacker can redirect the Jenkins controller to a server the attacker controls.

Impact Analysis

Following a referral can end in remote code execution on the Jenkins controller. The JDK's JNDI client resolves a referral URL with the provider for its scheme, so a referral to an rmi:// URL makes the controller contact an RMI registry and deserialize the object it returns.

An attacker who controls the configured LDAP server, or who can intercept an unencrypted ldap:// connection as a man-in-the-middle, can therefore answer a bind or search with a referral that points at an RMI URL under their control.

Since JDK 8u121 the RMI JNDI provider does not load classes from a remote codebase by default (com.sun.jndi.rmi.object.trustURLCodebase is false), so code execution depends on a usable deserialization gadget chain already being on the controller's classpath. When one is present, the attacker runs arbitrary code with the privileges of the Jenkins controller process, which holds every credential and job definition the instance manages.

Detection Guidance

The plugin follows LDAP referrals automatically, so the attack surface is any party that can send the controller a referral: the configured LDAP server itself, or a man-in-the-middle on an unencrypted ldap:// connection.

To find out whether an installation is affected, check the installed version of the LDAP plugin. Versions up to and including 807.v7d7de30930cf are affected; 807.809.vd3a_4e5e4ec98 is the first fixed release.

The installed version is shown under Manage Jenkins > Plugins > Installed plugins, or can be read from the REST API with an account that has Overall/Read permission (use an API token rather than the password in scripts):

  • curl -sSL -u "$JENKINS_USER:$JENKINS_API_TOKEN" 'https://your-jenkins-server/pluginManager/api/json?depth=1' | jq -r '.plugins[] | select(.shortName=="ldap") | .version'
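The comparison that follows the curl call is the part people get wrong, because Jenkins CD-style versions such as 807.v7d7de30930cf and 807.809.vd3a_4e5e4ec98 do not sort as plain strings. The following Python script is an added example, not code from this page or from the Jenkins project: it reads the pluginManager API output (a constructed sample is embedded; pass `-` to read the real curl output from stdin), extracts the ldap plugin version and compares it with the fixed release. The version-ordering rule it applies (leading dot-separated integers decide, the v<hash> suffix does not) is an assumption about Jenkins's versioning scheme, not something the page states.

```python
import json
import sys
from typing import Optional

# Constructed stand-in for the /pluginManager/api/json?depth=1 response,
# reduced to the fields this check reads. Not output from a real server.
SAMPLE_PLUGIN_JSON = json.dumps({
    "plugins": [
        {"shortName": "git", "version": "5.7.0", "active": True},
        {"shortName": "ldap", "version": "807.v7d7de30930cf", "active": True},
    ]
})

# Boundaries named on this page: last affected and first fixed LDAP plugin release.
LAST_AFFECTED = "807.v7d7de30930cf"
FIRST_FIXED = "807.809.vd3a_4e5e4ec98"


def version_key(version: str) -> tuple:
    """Map a Jenkins plugin version string to a tuple that sorts correctly.

    Jenkins CD-style versions look like '807.v<hash>' or '807.809.v<hash>'.
    Assumption (the page does not spell this out): the leading dot-separated
    integers define the order and the 'v<hash>' suffix does not, so
    '807.v...' sorts before '807.809.v...'. Classic '2.12'-style versions
    fall under the same rule.
    """
    parts = []
    for token in version.split("."):
        if not token.isdigit():
            break  # first non-numeric token is the git-hash suffix
        parts.append(int(token))
    if not parts:
        raise ValueError(f"unrecognised plugin version: {version!r}")
    return tuple(parts)


def installed_ldap_version(plugin_api_json: str) -> Optional[str]:
    """Return the LDAP plugin's version from the API response, or None if absent."""
    for plugin in json.loads(plugin_api_json).get("plugins", []):
        if plugin.get("shortName") == "ldap":
            return plugin.get("version")
    return None


def is_affected(version: str) -> bool:
    """True when the version predates the first fixed release."""
    return version_key(version) < version_key(FIRST_FIXED)


def assess(plugin_api_json: str) -> str:
    """One-line verdict for the controller whose API output is passed in."""
    version = installed_ldap_version(plugin_api_json)
    if version is None:
        return "ldap plugin not installed: not affected"
    if is_affected(version):
        return f"ldap {version}: AFFECTED, upgrade to {FIRST_FIXED} or later"
    return f"ldap {version}: fixed"


if __name__ == "__main__":
    # 'python3 check_ldap_plugin.py -' reads the curl output from stdin;
    # with no argument the constructed sample is assessed instead.
    read_stdin = len(sys.argv) > 1 and sys.argv[1] == "-"
    data = sys.stdin.read() if read_stdin else SAMPLE_PLUGIN_JSON
    print(assess(data))
```

Run it as `curl ... | python3 check_ldap_plugin.py -` against each controller; an absent ldap plugin is reported as not affected, since the vulnerable code is only present when the plugin is installed.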

On the network side, a referral is visible in the directory server's response as result code 10 (referral) carrying one or more URLs, or as a search result reference. Any referral URL whose scheme is not ldap or ldaps, or whose host is not one of your own directory servers, is a strong indicator of an attack; an rmi:// URL in a referral has no legitimate use in this setting.

Because exploitation requires either control of the LDAP server or a man-in-the-middle position, review the LDAP server's configuration and the referrals it is set to return, and make sure the controller reaches it over ldaps:// with certificate validation so that a network-level attacker cannot inject referrals.
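As an added example that is not part of this page, the following Python classifier applies the rule above to referral URLs collected from a packet capture or directory-server log: it separates expected ldap/ldaps referrals from referrals to unknown hosts and from non-LDAP schemes such as rmi://. The allowlist of directory hosts and the sample referral URLs are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed referral URLs of the kind found in an LDAP referral result
# (result code 10) or a SearchResultReference. Not taken from a real capture.
SAMPLE_REFERRALS = [
    "ldap://ldap2.corp.example:389/ou=people,dc=corp,dc=example??sub?(uid=alice)",
    "ldaps://ldap-dr.corp.example/dc=corp,dc=example",
    "ldap:///ou=groups,dc=corp,dc=example",
    "ldap://203.0.113.5/cn=x",
    "rmi://203.0.113.5:1099/Exploit",
    "garbage",
]

# Assumed allowlist: the directory servers Jenkins is configured to use.
EXPECTED_HOSTS = {"ldap2.corp.example", "ldap-dr.corp.example"}


def classify_referral(url: str, expected_hosts: set) -> str:
    """Classify a single referral URL.

    'ok'               ldap/ldaps referral to a known directory host, or a
                       host-less LDAP URL (refers back to the same server)
    'unexpected-host'  ldap/ldaps referral to a host not in the allowlist
    'non-ldap-scheme'  any other scheme, rmi:// in particular: a JNDI client
                       following it would contact an RMI registry
    'malformed'        no usable scheme at all
    """
    parts = urlsplit(url.strip())
    if not parts.scheme:
        return "malformed"
    if parts.scheme.lower() not in ("ldap", "ldaps"):
        return "non-ldap-scheme"
    host = parts.hostname  # already lower-cased; None for ldap:///...
    if host is None or host in {h.lower() for h in expected_hosts}:
        return "ok"
    return "unexpected-host"


def audit_referrals(urls, expected_hosts=EXPECTED_HOSTS):
    """Return only the referrals that warrant investigation, worst first."""
    severity = {"non-ldap-scheme": 0, "unexpected-host": 1, "malformed": 2}
    findings = [(u, classify_referral(u, expected_hosts)) for u in urls]
    findings = [f for f in findings if f[1] != "ok"]
    return sorted(findings, key=lambda f: severity[f[1]])


if __name__ == "__main__":
    for url, verdict in audit_referrals(SAMPLE_REFERRALS):
        print(f"{verdict:16} {url}")
```

A host-less LDAP URL is treated as benign because it refers back to the server that sent it; an ldap:// referral to a host outside the allowlist is still worth a look, since an attacker-run LDAP server can serve the same JNDI objects an RMI registry would.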

Mitigation Strategies

Upgrade the LDAP plugin to 807.809.vd3a_4e5e4ec98 or later. From that release the plugin no longer follows LDAP referrals by default.

If the upgrade has to wait, turn referral following off in the current version. The JDK LDAP provider's behaviour is governed by the JNDI environment property java.naming.referral (javax.naming.Context.REFERRAL): set it to ignore (or throw) instead of follow, using the Environment Properties list in the plugin's advanced server configuration. Afterwards confirm that logins and group lookups still succeed, because a directory that relies on referrals (common in multi-domain Active Directory setups) can then return partial results.

Independently of the plugin version, shrink what an attacker can reach: point Jenkins at ldaps:// with a verified server certificate so a man-in-the-middle cannot inject referrals, and treat the directory server as part of the controller's trust boundary, since anyone who can change its referral configuration can attack every client that follows them.
