CVE-2026-48917
Received
Received - Intake
BaseFortify
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: Jenkins Project
Description
Description
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jenkinsci | ldap_plugin | to 807 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Jenkins LDAP Plugin version 807.v7d7de30930cf and earlier. It involves the plugin deserializing data from LDAP referrals without performing validation on that data.
How can this vulnerability impact me? :
Deserializing data from LDAP referrals without validation can lead to security risks such as remote code execution or other malicious actions if an attacker can control the LDAP referral data.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70