anonhaven
Ad

CVE-2026-31864

MEDIUM CVSS 3.1: 6.8 EPSS 0.05%
Updated Mar 18, 2026
Jumpserver
Parameter Value
CVSS 6.8 (MEDIUM)
Affected Versions 4.0.0 — 4.10.16
Fixed In 3.10.22
Type CWE-1336 (Template Injection)
Vendor Jumpserver
Public PoC No

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection (SSTI) vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges (Application Applet Management or Virtual Application Management permissions). Attackers can exploit this vulnerability to execute arbitrary code within the JumpServer Core container.

The vulnerability arises from unsafe use of Jinja2 template rendering when processing user-uploaded YAML configuration files. When a user uploads an Applet or VirtualApp ZIP package, the manifest.yml file is rendered through Jinja2 without sandbox restrictions, allowing template injection attacks.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
High
Admin privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-1336 Template Injection

Vulnerable Products 2

Configuration From (including) Up to (excluding)
Fit2cloud Jumpserver
cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*
 3.10.22
Fit2cloud Jumpserver
cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*
 4.0.0 4.10.16

References 2

https://github.com/jumpserver/jumpserver/pull/16608
security-advisories@github.com
https://github.com/jumpserver/jumpserver/security/advisories/GHSA-qx8h-rx2j-j5wc
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-31798

Jumpserver

5.0