EUVD-2026-26227CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
Analysis
Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
Sign in for full analysis, threat intelligence, and remediation guidance.
More from same product – last 7 days
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap
Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.
Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perfo
Privilege escalation in Azure IoT Central enables authenticated attackers to gain unauthorized access to sensitive infor
The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such a
Share
External POC / Exploit Code
Leaving vuln.today