CVE-2026-48919
Received
Received - Intake
BaseFortify
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: Jenkins Project
Description
Description
Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jenkinsci | active_directory_plugin | to 2.41 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Jenkins Active Directory Plugin version 2.41 and earlier. It involves the plugin deserializing data from LDAP referrals without performing proper validation.
How can this vulnerability impact me? :
Deserializing data from LDAP referrals without validation can lead to security risks such as remote code execution or other malicious actions if an attacker can control the LDAP referral data.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70