CVE-2026-31798

Medium CVSS: 5.0

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and capture the verification code BEFORE it reaches the user's phone. This vulnerability is fixed in v4.10.16-lts.

Vendor

Fit2cloud

Product

Jumpserver

CWE

CWE-295

Yayın Tarihi

2026-03-13 19:54:36

Güncelleme

2026-03-18 13:07:58

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-295 Jumpserver MEDIUM Fit2cloud 2026

Referanslar

https://github.com/jumpserver/jumpserver/security/advisories/GHSA-26pj-mmxw-w3w7

Benzer Kayıtlar

High

CVE-2026-32949

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Se…

High

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a cr…

High

CVE-2026-32622

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a S…

Medium

CVE-2026-31864

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template…

Medium

CVE-2025-15598

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend…

Medium

CVE-2025-15597

A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps…