jumpserver — Vulnerabilities & Security Advisories 23

All 23 CVE vulnerabilities found in jumpserver, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-31864	JumpServer has a Server-Side Template Injection Leading to RCE via YAML Rendering CWE-1336	6.8	Medium	2026-03-13
CVE-2026-31798	JumpServer Improper Certificate Validation in Custom SMS API Client CWE-295	5.0	Medium	2026-03-13
CVE-2025-58044	JumpServer has an Open Redirect Vulnerability CWE-601	6.1^AI	Medium^AI	2025-12-01
CVE-2025-62795	JumpServer Unauthorized LDAP Configuration Access via WebSocket CWE-863	7.1	High	2025-10-30
CVE-2025-62712	JumpServer Connection Token Leak Vulnerability CWE-862	9.6	Critical	2025-10-30
CVE-2025-27095	JumpServer has a Kubernetes Token Leak Vulnerability CWE-266	4.3	Medium	2025-03-31
CVE-2024-40628	Arbitrary File Read in Ansible Playbooks in Jumpserver CWE-22	10.0	Critical	2024-07-18
CVE-2024-40629	Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver CWE-22	10.0	Critical	2024-07-18
CVE-2024-29202	JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery CWE-94	10.0	Critical	2024-03-29
CVE-2024-29201	JumpServer's insecure Ansible playbook validation leads to RCE in Celery CWE-94	10.0	Critical	2024-03-29
CVE-2024-29020	JumpServer allows nn authorized attacker to get sensitive information in playbook files when playbook_id is leaked CWE-639	4.6	Medium	2024-03-29
CVE-2024-29024	JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality CWE-639	4.6	Medium	2024-03-29
CVE-2024-24763	JumpServer Open Redirect Vulnerability CWE-601	4.3	Medium	2024-02-20
CVE-2023-46138	JumpServer default admin user email leak password reset CWE-640	3.7	Low	2023-10-30
CVE-2023-46123	jumpserver is vulnerable to password brute-force protection bypass via arbitrary IP values CWE-307	5.3	Medium	2023-10-25
CVE-2023-42818	SSH public key login without private key challenge if mfa is enabled in jumpserver CWE-287	5.4	Medium	2023-09-27
CVE-2023-43651	Remote code execution on the host system via MongoDB shell in jumpserver CWE-94	8.6	High	2023-09-27
CVE-2023-43650	Non-MFA account takeover via brute-force attack on weak password reset code in jumpserver CWE-640	8.2	High	2023-09-27
CVE-2023-43652	Non-MFA account takeover via using only SSH public key to login in jumpserver CWE-862	8.2	High	2023-09-27
CVE-2023-42819	Path traversal in Jumpserver CWE-22	8.9	High	2023-09-26
CVE-2023-42820	Random seed leakage in Jumpserver CWE-200	7.0	High	2023-09-26
CVE-2023-42442	JumpServer session replays download without authentication CWE-287	8.2	High	2023-09-15
CVE-2023-28110	JumpServer Koko vulnerable to Command Injection for Kubernetes Connection CWE-77	5.7	Medium	2023-03-16

All 23 known CVE vulnerabilities affecting jumpserver with full Chinese analysis, references, and POCs where available.

Goal Reached Thanks to every supporter — we hit 100%!

jumpserver — Vulnerabilities & Security Advisories 23