CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Fit2cloud: >> Jumpserver >> 3.10.22 Security Vulnerabilities

CVE-2026-31798

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts, JumpServer improperly validates certificates in the Custom SMS API Client. When JumpServer sends MFA/OTP codes via Custom SMS API, an attacker can intercept the request and capture the verification code BEFORE it reaches the user's phone. This vulnerability is fixed in v4.10.16-lts.

CVSS Score

5.0

EPSS Score

0.0

Published

2026-03-13

Page 1

Vulnerabilities

Vulnerable Software

Fit2cloud: >> Jumpserver >> 3.10.22 Security Vulnerabilities

Products

Pricing

Contact Us