PT-2026-25917 · Jetkvm · Jetkvm
Paul Asadoorian · Published 2026-03-17 · Updated 2026-03-18
CVE-2026-32295
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
JetKVM versions prior to 0.5.4
Description
The software does not limit the rate of login requests, which allows for brute-force attempts to guess credentials. This impacts KVM-over-IP devices lacking brute-force protection.
Recommendations
Update JetKVM to version 0.5.4 or later.
Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts
Affected Products
Jetkvm