Jumpserver

This hub aggregates every CVE we track for Jumpserver, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Jumpserver.

• CVE-2026-31864JumpServer has a Server-Side Template Injection Leading to RCE via YAML Rendering6.8Mar 13, 2026
• CVE-2026-31798JumpServer Improper Certificate Validation in Custom SMS API Client5.0Mar 13, 2026
• CVE-2025-58044JumpServer has an Open Redirect Vulnerability6.1Dec 1, 2025
• CVE-2025-62795JumpServer Unauthorized LDAP Configuration Access via WebSocket7.1Oct 30, 2025
• CVE-2025-62712JumpServer Connection Token Leak Vulnerability9.6Oct 30, 2025
• CVE-2025-27095JumpServer has a Kubernetes Token Leak Vulnerability4.3Mar 31, 2025
• CVE-2024-40628Arbitrary File Read in Ansible Playbooks in Jumpserver10.0Jul 18, 2024
• CVE-2024-40629Arbitrary File Write in Ansible Playbooks leads to RCE in Jumpserver10.0Jul 18, 2024
• CVE-2024-29202JumpServer vulnerable to Jinja2 template injection in Ansible leads to RCE in Celery9.9Mar 29, 2024
• CVE-2024-29201JumpServer's insecure Ansible playbook validation leads to RCE in Celery9.9Mar 29, 2024
• CVE-2024-29020JumpServer allows nn authorized attacker to get sensitive information in playbook files when playbook_id is leaked4.6Mar 29, 2024
• CVE-2024-29024JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality4.6Mar 29, 2024
• CVE-2024-24763JumpServer Open Redirect Vulnerability4.3Feb 20, 2024
• CVE-2023-48193Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because comman...9.8Nov 28, 2023
• CVE-2023-46138JumpServer default admin user email leak password reset3.7Oct 30, 2023