Description
Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact. This issue affects Jamf Pro: from 11.20 through 11.24.
Published: 2026-01-21
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass (Broken Access Control)
Action: Patch
AI Analysis

Impact

The vulnerability is an authentication bypass caused by a primary weakness in Jamf Pro, allowing attackers to access the system without valid credentials. This broken access control can enable unauthorized users to view or modify data, run privileged commands, or otherwise compromise the affected Jamf environment. The description indicates unspecified impact, which could encompass a range of confidentiality, integrity, or availability concerns depending on the attacker’s intent and system configuration.

Affected Systems

Jamf Pro versions from 11.20 through 11.24 are affected. Any environment running these versions must be evaluated to determine the scope of exposed resources and whether the authentication bypass could affect critical management tasks.

Risk and Exploitability

The CVSS score of 5.3 denotes medium severity, while the EPSS score of less than 1% indicates a low probability of exploitation at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed exploitation yet. The likely attack vector is remote, potentially through the web‑based administrative interface or API, though the exact method is not detailed in the source material. Because the flaw is an authentication bypass, an attacker could obtain unauthorized access without initial credentials and, once inside, could conduct further malicious activities depending on the role permissions granted after the bypass.

Generated by OpenCVE AI on April 18, 2026 at 15:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Jamf Pro to a version newer than 11.24 to eliminate the authentication bypass.
  • Consult Jamf’s release notes for any additional security patches bundled with newer releases and apply them promptly.
  • Validate that role‑based access controls are correctly enforced, particularly for privileged actions, to address the identified CWE‑305 weakness.
  • Implement multi‑factor authentication and enforce strong password policies to reduce the risk of future authentication weaknesses.

Advisories

No advisories yet.

History

Fri, 23 Jan 2026 16:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Jamf; Jamf jamf
Vendors & Products | | Jamf; Jamf jamf

Wed, 21 Jan 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 21 Jan 2026 15:45:00 +0000

Type | Values Removed | Values Added
Description | | Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact. This issue affects Jamf Pro: from 11.20 through 11.24.
Title | | [PI141230] Fixed A broken access control issue.
Weaknesses | | CWE-305
References | |
Metrics | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: JAMF

Published:

Updated: 2026-01-21T15:49:21.064Z

Reserved: 2026-01-21T15:24:32.098Z

Link: CVE-2026-1290

Vulnrichment

Updated: 2026-01-21T15:49:06.529Z

NVD

Status: Deferred

Published: 2026-01-21T16:16:08.040

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1290

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T15:45:04Z

Weaknesses