CVE-2026-48917

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.

medium 6.6 CVSS 3.1
Published: May 27, 2026
Modified: Jun 2, 2026
Vendor: Jenkins
Product: Ldap
Versions: 807.v7d7de30930cf

Description

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.

References

Related CVEs

CVE-2026-48926 medium · 4.3
Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate cred
CVE-2026-48916 medium · 6.6
Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.