Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Jenkins Project
  • Jenkins Ldap Plugin

No data.

No data.

References
Link Providers
https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3654 cve-icon cve-icon
History

Sat, 30 May 2026 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Jenkins Project
Jenkins Project jenkins Ldap Plugin
Vendors & Products Jenkins Project
Jenkins Project jenkins Ldap Plugin

Wed, 27 May 2026 21:45:00 +0000

Type Values Removed Values Added
Title Deserialization Vulnerability in Jenkins LDAP Plugin via LDAP Referrals

Wed, 27 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-502
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 27 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.
References
cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2026-05-27T14:13:46.363Z

Updated: 2026-05-27T17:04:29.371Z

Reserved: 2026-05-26T14:50:46.812Z

Link: CVE-2026-48917

cve-icon Vulnrichment

Updated: 2026-05-27T17:04:26.506Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T15:16:31.347

Modified: 2026-05-27T19:54:54.150

Link: CVE-2026-48917

cve-icon Redhat

No data.