PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-48916 Jenkins Project CVE debrief

Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals, which can create a Server-Side Request Forgery (SSRF) condition. A referral is an LDAP response that, instead of answering a query, points the client at another server by LDAP URL; when the plugin follows one, it opens an outbound connection to whatever host and port that URL names, so a malicious referral response can direct the Jenkins controller at attacker-chosen servers. The weakness is classified as CWE-918 (Server-Side Request Forgery). Exploitation has a network attack vector, requires high attack complexity and high privileges, and needs no user interaction; a successful attack is rated high impact to confidentiality, integrity and availability. The Jenkins security team disclosed the issue in a security advisory on May 27, 2026.

Vendor: Jenkins Project
Product: Jenkins LDAP Plugin
CVSS: MEDIUM 6.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Jenkins with the LDAP Plugin for authentication, particularly those on version 807.v7d7de30930cf or earlier. Security teams responsible for CI/CD infrastructure and directory integration should review how their LDAP servers issue referrals and whether the Jenkins controller can reach anything beyond its expected LDAP endpoints.

Technical summary

The plugin's handling of LDAP referrals is the SSRF vector. A referral is a response in which an LDAP server, rather than answering, directs the client to another server (given as an LDAP URL) for the requested data. Because the plugin follows referrals automatically, the Jenkins controller connects to whatever host and port the referral names, which lets an attacker who can influence referral responses reach internal services from the controller's network position or otherwise abuse that outbound connection. The high-privilege and high-complexity requirements limit practical exploitability, since the attacker needs to control or influence what the directory returns; the risk remains significant where the LDAP server is shared across tenants or has itself been compromised.
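The following is an added illustrative model of the behaviour described above, not code from the Jenkins LDAP Plugin or the Jenkins Project: a client that follows every referral the server returns, beside one that checks the referral target against an allowlist of known directory servers before connecting. The search result, host names and allowlist are constructed for the example; referral URLs use the LDAP URL format (scheme://host:port/DN?...) from RFC 4516.

```python
"""Model of LDAP referral handling: follow-everything versus allowlisted.

Illustrative only; this is not the Jenkins LDAP Plugin's code. The search
result, host names and allowlist below are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from urllib.parse import urlsplit

# Default ports for the two LDAP URL schemes (RFC 4516).
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


@dataclass(frozen=True)
class ReferralTarget:
    scheme: str
    host: str
    port: int

    def is_literal_internal_ip(self) -> bool:
        """True if the host is a literal address in private, loopback or
        link-local space, the usual destinations of an SSRF pivot."""
        try:
            addr = ip_address(self.host)
        except ValueError:
            return False  # a hostname, not a literal IP; not resolved here
        return addr.is_private or addr.is_loopback or addr.is_link_local


def parse_referral(url: str) -> ReferralTarget:
    """Extract the host and port a client would connect to for a referral."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an LDAP URL: {url!r}")
    return ReferralTarget(parts.scheme, parts.hostname,
                          parts.port or DEFAULT_PORTS[parts.scheme])


# Constructed search result: one legitimate referral to a second directory
# server, plus two that point the client at places an LDAP client has no
# business connecting to. Whoever controls the referral responses can inject
# entries like the second and third.
SEARCH_RESULT = {
    "entries": [{"dn": "uid=alice,ou=people,dc=corp,dc=example"}],
    "referrals": [
        "ldap://ldap2.corp.example:389/ou=people,dc=corp,dc=example??sub?(uid=alice)",
        "ldap://10.0.0.5:8080/",      # internal web service on a non-LDAP port
        "ldaps://169.254.169.254/",   # link-local address (metadata-service range)
    ],
}

ALLOWED_LDAP_HOSTS = {"ldap1.corp.example", "ldap2.corp.example"}


def follow_all(result: dict) -> list:
    """Vulnerable pattern: connect to every referral the server hands back."""
    return [parse_referral(u) for u in result.get("referrals", [])]


def follow_allowlisted(result: dict, allowed_hosts: set) -> tuple:
    """Hardened pattern: follow only referrals to known directory servers on
    their standard port; everything else is rejected with a reason."""
    followed, rejected = [], []
    for url in result.get("referrals", []):
        try:
            target = parse_referral(url)
        except ValueError as exc:
            rejected.append((url, str(exc)))
            continue
        if target.is_literal_internal_ip():
            rejected.append((url, "literal internal/link-local address"))
        elif target.host not in allowed_hosts:
            rejected.append((url, "host not in allowlist"))
        elif target.port != DEFAULT_PORTS[target.scheme]:
            rejected.append((url, "non-standard port"))
        else:
            followed.append(target)
    return followed, rejected


if __name__ == "__main__":
    naive = follow_all(SEARCH_RESULT)
    print("naive client connects to:", [(t.host, t.port) for t in naive])
    ok, bad = follow_allowlisted(SEARCH_RESULT, ALLOWED_LDAP_HOSTS)
    print("allowlisted client connects to:", [(t.host, t.port) for t in ok])
    for url, why in bad:
        print("rejected", url, "->", why)
```

The literal-IP check is deliberately only a backstop: an allowlisted hostname still resolves at connect time, so the allowlist of directory servers, not address classification, is the control that matters. The same pattern also covers LDAPS referrals to non-standard ports, which the plain text above does not spell out.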

Defensive priority

medium

Recommended defensive actions

  • Upgrade the Jenkins LDAP Plugin to the fixed release named in the Jenkins security advisory (any version newer than 807.v7d7de30930cf) as soon as it is available
  • Review the LDAP server's referral configuration and, where the directory topology allows, disable referrals or restrict them to known directory servers
  • Monitor the Jenkins controller's network egress for unexpected outbound connections; a referral URL can name any host and port, so do not limit the watch to ports 389 and 636
  • Audit Jenkins authentication and plugin logs for referral activity that does not match the expected directory topology
  • Apply network segmentation so the Jenkins controller can reach only trusted LDAP endpoints, which blocks the outbound leg of the SSRF even before the upgrade
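As an added example of the egress-monitoring action above (not part of the PatchSiren page, the Jenkins advisory or any Jenkins code), the script below scans a connection log for outbound flows from the Jenkins controller that do not go to its expected LDAP endpoints. Because a followed referral can target any host and port, alerts are not limited to LDAP ports; LDAP-port connections to a host outside the allowlist and connections into the link-local range are called out separately. The log format, addresses and allowlists are constructed for the example.

```python
"""Egress detection for a Jenkins controller: flag outbound connections that
do not match the expected LDAP endpoints.

Added example, not code from PatchSiren or Jenkins. The log format, addresses
and allowlists are constructed for illustration.
"""
import json
from ipaddress import ip_address

# Constructed: the controller and the directory servers it should talk to.
JENKINS_CONTROLLER = "10.20.0.5"
EXPECTED_LDAP = {("10.10.1.20", 636), ("10.10.1.21", 636)}
# Other egress the controller legitimately makes (hypothetical proxy host).
OTHER_EXPECTED = {("10.20.0.9", 3128)}
# LDAP and Active Directory global catalog ports.
LDAP_PORTS = {389, 636, 3268, 3269}

REASON_LINK_LOCAL = "link-local destination (metadata-service range)"
REASON_LDAP_OUTSIDE = "LDAP port on host outside LDAP allowlist (possible followed referral)"
REASON_OTHER = "destination outside egress allowlist"

# Constructed JSON-lines connection log, one flow per line.
SAMPLE_LOG = """\
{"ts": "2026-05-28T09:00:01Z", "src": "10.20.0.5", "dst": "10.10.1.20", "dport": 636, "proto": "tcp"}
{"ts": "2026-05-28T09:00:02Z", "src": "10.20.0.5", "dst": "10.20.0.9", "dport": 3128, "proto": "tcp"}
{"ts": "2026-05-28T09:00:03Z", "src": "10.20.0.5", "dst": "10.10.1.77", "dport": 389, "proto": "tcp"}
{"ts": "2026-05-28T09:00:04Z", "src": "10.20.0.5", "dst": "169.254.169.254", "dport": 80, "proto": "tcp"}
{"ts": "2026-05-28T09:00:05Z", "src": "10.20.0.5", "dst": "203.0.113.40", "dport": 389, "proto": "tcp"}
{"ts": "2026-05-28T09:00:06Z", "src": "10.30.0.8", "dst": "203.0.113.40", "dport": 443, "proto": "tcp"}
"""


def classify(dst: str, dport: int) -> str:
    """Reason string for a destination that is not on any allowlist."""
    addr = ip_address(dst)
    if addr.is_link_local:
        return REASON_LINK_LOCAL
    if dport in LDAP_PORTS:
        return REASON_LDAP_OUTSIDE
    return REASON_OTHER


def find_unexpected_egress(log_text: str, controller: str = JENKINS_CONTROLLER,
                           expected_ldap=EXPECTED_LDAP, other_expected=OTHER_EXPECTED) -> list:
    """Return one alert dict per controller flow whose destination is unexpected."""
    alerts = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        # Only outbound TCP from the controller is in scope here.
        if rec.get("src") != controller or rec.get("proto") != "tcp":
            continue
        key = (rec["dst"], rec["dport"])
        if key in expected_ldap or key in other_expected:
            continue
        alerts.append({
            "ts": rec["ts"],
            "dst": rec["dst"],
            "dport": rec["dport"],
            "reason": classify(rec["dst"], rec["dport"]),
        })
    return alerts


if __name__ == "__main__":
    for alert in find_unexpected_egress(SAMPLE_LOG):
        print(f'{alert["ts"]} {alert["dst"]}:{alert["dport"]} {alert["reason"]}')
```

Run against a real flow or firewall export, the allowlists are the tuning knobs: every legitimate controller destination (update center, SCM hosts, agents) belongs in the second set, so that what remains is a short list worth a human look rather than a stream of known-good traffic.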

Evidence notes

The official Jenkins security advisory confirms that affected plugin versions follow LDAP referrals. The CVSS 3.1 vector AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H computes to a base score of 6.6, which supports the medium severity classification. The CWE-918 (SSRF) weakness designation matches the referral-following pattern: the server's response dictates where the client connects next.

Official resources

2026-05-27