Platform: other
Component: jumpserver
Fixed in: 4.10.17
CVE-2026-31798 is a medium-severity vulnerability in JumpServer affecting versions up to and including 4.10.16-lts. It stems from improper certificate validation in the Custom SMS API Client: when JumpServer calls a custom SMS gateway over TLS to deliver a verification code, the gateway's certificate is not properly validated, so an on-path attacker who presents their own certificate can terminate the connection and read the Multi-Factor Authentication (MFA) or One-Time Password (OTP) code in transit. The fix is in version 4.10.17, the fixed version listed above.
The primary impact of CVE-2026-31798 is unauthorized access to JumpServer. An attacker positioned between JumpServer and the SMS gateway (on the egress path, on an outbound proxy JumpServer uses, or via DNS they can influence) can read the MFA/OTP codes sent through the Custom SMS API. An attacker who already holds a user's first factor can then submit the intercepted code and complete the login as that user, bypassing the second factor. The blast radius is limited to deployments that use the Custom SMS API Client for MFA/OTP, but because JumpServer is a bastion host, one successful login can lead to control of the assets it brokers and to data exfiltration. The finding is a reminder that outbound API integrations need the same certificate validation as inbound connections.
The vulnerability was publicly disclosed on 2026-03-13. There is no indication of active exploitation and no CISA KEV listing; the EPSS score is 0.02% (5th percentile). No public proof-of-concept is available, but exploitation needs no special tooling beyond an on-path position between JumpServer and the SMS gateway: a TLS-intercepting proxy with a self-signed certificate is enough when the client does not validate certificates. The CVSS score of 5 (Medium) reflects that network-position prerequisite against the value of a bypassed second factor.
Organizations that use JumpServer as a bastion host and rely on the Custom SMS API Client for MFA/OTP delivery are at risk. Note that what is intercepted is JumpServer's HTTPS call to the SMS gateway, not the SMS message itself, so exposure is highest where that call crosses a shared or poorly segmented network, an outbound proxy, or DNS an attacker can influence, since each gives an attacker a place to sit between JumpServer and the gateway.
• linux / server: Review JumpServer's service logs for SMS API activity (for a systemd deployment, journalctl -u jumpserver; for a container deployment, the core service's container logs). Do not rely on grepping for certificate errors: a client that skips validation never logs a validation failure, so the absence of such errors proves nothing. Look instead for OTP sends at unexpected times, to unexpected numbers, or with unexpected gateway responses.
• other: Review the Custom SMS API Client settings. Confirm the endpoint URL uses https:// and names the gateway's real hostname, and that no option that disables TLS verification is enabled, if the settings expose one. On the network side, capture JumpServer's outbound traffic to the SMS API (for example with Wireshark or tcpdump on the host) and check that the destination IP belongs to the gateway and that the TLS handshake presents the gateway's own certificate chain rather than one from an intermediary.
Disclosure: 2026-03-13
Exploit status
EPSS: 0.02% (5th percentile)
The primary mitigation for CVE-2026-31798 is to upgrade JumpServer to 4.10.17 or later; every version up to and including 4.10.16-lts is affected. If upgrading is not immediately feasible, temporarily disable the Custom SMS API Client and deliver MFA through another method so that no OTP crosses the unvalidated connection. Audit all Custom SMS API Client configurations: the endpoint must be an https:// URL for the gateway's real hostname, and nothing in the configuration should turn off verification. Monitor JumpServer logs for suspicious SMS API usage. After upgrading, confirm the fix rather than assuming it: point the Custom SMS API Client at a test endpoint that presents an untrusted (self-signed) certificate and verify that the OTP send fails with a certificate error instead of succeeding, then restore the real endpoint.
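To make the failure mode and the audit concrete, here is an added example in Python, JumpServer's implementation language. It is not JumpServer's code: the config keys `sms_api_url` and `skip_tls_verify`, the gateway hostname and the function names are assumptions for illustration. It shows the weak TLS context that an improper-certificate-validation bug amounts to, the hardened default beside it, an audit that flags a configuration exposed to interception, and a probe an operator can run after upgrading to confirm the gateway's certificate validates.

```python
"""Added example, not JumpServer's own code: the weak TLS client setup that
an 'improper certificate validation' finding describes, the hardened form,
and a small audit that flags a Custom SMS API client configuration exposed
to on-path interception. Config keys and the endpoint are constructed for
illustration and are not JumpServer settings names."""
import ssl
from typing import Optional
from urllib.parse import urlparse


def weak_sms_context() -> ssl.SSLContext:
    """CWE-295 pattern: TLS is negotiated, but the gateway's certificate is
    neither chain-validated nor matched to the hostname, so any on-path host
    presenting any certificate can terminate the session and read the OTP
    carried in the request body."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE   # no chain validation at all
    return ctx


def hardened_sms_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Validate the chain against the system trust store (or a pinned CA
    bundle for the SMS gateway), require a hostname match, refuse pre-1.2 TLS.
    These are the library defaults; the point is to leave them switched on."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if not ctx.check_hostname or ctx.verify_mode != ssl.CERT_REQUIRED:
        raise RuntimeError("TLS verification must stay enabled for the SMS gateway")
    return ctx


def audit_sms_client(config: dict, ctx: ssl.SSLContext) -> list:
    """Return findings for an SMS API client config paired with the TLS
    context it would use. An empty list means nothing was flagged."""
    findings = []
    url = urlparse(config.get("sms_api_url", ""))
    if url.scheme != "https":
        findings.append(f"endpoint {url.geturl()!r} is not https: OTP would leave in cleartext")
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("verify_mode is CERT_NONE: gateway certificate is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate is not matched to the gateway host")
    if config.get("skip_tls_verify"):            # hypothetical flag name
        findings.append("skip_tls_verify is enabled in the SMS client config")
    return findings


def probe_gateway(host: str, port: int = 443, ca_file: Optional[str] = None,
                  timeout: float = 5.0) -> str:
    """Post-upgrade operator check: open a real TLS connection with the
    hardened context and report whether the gateway certificate validates.
    Needs network access; the offline demo below does not call it."""
    import socket
    ctx = hardened_sms_context(ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                subject = dict(x[0] for x in tls.getpeercert()["subject"])
                return f"ok: verified chain, subject CN={subject.get('commonName')}"
    except ssl.SSLCertVerificationError as exc:
        return f"REJECTED: {exc.verify_message}"


if __name__ == "__main__":
    # Constructed sample configs: the first is what a vulnerable deployment
    # effectively runs, the second is the hardened equivalent.
    weak_cfg = {"sms_api_url": "http://sms-gateway.example.invalid/send",
                "skip_tls_verify": True}
    good_cfg = {"sms_api_url": "https://sms-gateway.example.invalid/send"}
    for line in audit_sms_client(weak_cfg, weak_sms_context()):
        print("FINDING:", line)
    print("hardened config findings:", audit_sms_client(good_cfg, hardened_sms_context()))
```

Running the module prints four findings for the weak configuration and none for the hardened one. `probe_gateway` is the check to run against the real gateway after upgrading: a verified chain means the trust store on the JumpServer host can validate the gateway, while a REJECTED result points at a missing CA or a mismatched hostname that must be fixed before re-enabling SMS MFA, not worked around by disabling verification.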
Update JumpServer to version 4.10.17 or later. That release fixes the improper certificate validation in the Custom SMS API Client, preventing interception of MFA/OTP codes.
CVE-2026-31798 is a medium-severity vulnerability in JumpServer versions ≤ 4.10.16-lts in which improper certificate validation in the Custom SMS API Client lets an on-path attacker intercept MFA/OTP codes.
You are affected if you run JumpServer 4.10.16-lts or earlier and use the Custom SMS API Client to deliver MFA/OTP codes.
Upgrade JumpServer to 4.10.17 or later. If an immediate upgrade is not possible, temporarily disable the Custom SMS API Client and deliver MFA another way.
There is currently no indication of active exploitation, but the weakness is straightforward to exploit from an on-path position between JumpServer and the SMS gateway.
Refer to the official JumpServer security advisories on their website or GitHub repository for the latest information.