CVE-2026-48918
6.6 MEDIUMJenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default
Published: 2026-05-27 · Last updated: 2026-05-28
Severity and scoring
- CVSS
- 6.6 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-918
Affected products
| Vendor | Product |
|---|---|
| jenkins | active_directory |
Description
Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-53442 — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job c... (5.3 MEDIUM)
- CVE-2026-53441 — Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description ... (5.4 MEDIUM)
- CVE-2026-53440 — Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" secur... (4.3 MEDIUM)
- CVE-2026-53439 — Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine... (4.3 MEDIUM)
- CVE-2026-53438 — A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lackin... (4.3 MEDIUM)
Same CWE
- CVE-2025-60175 — Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions (4.4 MEDIUM)
- CVE-2026-12210 — A vulnerability was detected in universal-tool-calling-protocol python-utcp 1.1.0 (6.3 MEDIUM)
- CVE-2026-53827 — OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata ... (6.5 MEDIUM)
- CVE-2026-47268 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (6.4 MEDIUM)
- CVE-2026-46717 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (7.7 HIGH)