Jenkins OWASP ZAP Plugin 1
Description
Jenkins OWASP ZAP Plugin 1
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
19 vulnerabilities from Jenkins
← Back to all CVEsJenkins OWASP ZAP Plugin 1
Jenkins OWASP ZAP Plugin 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jenkins External Workspace Manager Plugin 1
Jenkins External Workspace Manager Plugin 1
---METADATA---
VENDOR: Jenkins
PRODUCT: External Workspace Manager Plugin
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical vulnerability exists in the Jenkins External Workspace Manager Plugin, potentially allowing for unauthorized access or system compromise.
Executive Summary:
A high-severity vulnerability in the Jenkins External Workspace Manager Plugin exposes the build environment to unauthorized access and potential system exploitation.
Vulnerability Details
CVE-ID: CVE-2026-57296
Affected Software: Jenkins External Workspace Manager Plugin
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability involves flaws within the External Workspace Manager Plugin that may allow an attacker to bypass security constraints. While authentication requirements are vendor-specific, such plugin vulnerabilities often permit authenticated users or unauthenticated attackers to perform unauthorized actions within the Jenkins controller.
Business Impact
Successful exploitation can lead to full compromise of the Jenkins build environment, allowing attackers to inject malicious code into CI/CD pipelines or exfiltrate sensitive credentials. With a CVSS score of 8.8, this vulnerability poses a severe risk to software supply chain integrity and overall organizational security posture.
Remediation Plan
Immediate Action: Update the Jenkins External Workspace Manager Plugin to the latest patched version immediately.
Proactive Monitoring: Review Jenkins audit logs for unauthorized plugin configuration changes or suspicious build activities.
Compensating Controls: If an update is not immediately feasible, restrict access to the Jenkins instance and disable the affected plugin to prevent exploitation.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 25, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Due to the high CVSS score and the critical role of Jenkins in the development lifecycle, this vulnerability must be treated with urgency. Security teams should ensure that all Jenkins plugins are kept up to date and that the External Workspace Manager plugin is patched to prevent unauthorized access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jenkins Script Security Plugin 1402
Jenkins Script Security Plugin 1402
---METADATA---
VENDOR: Jenkins
PRODUCT: Script Security Plugin
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A critical security vulnerability has been identified in the Jenkins Script Security Plugin, potentially allowing for unauthorized script execution.
Executive Summary:
The Jenkins Script Security Plugin contains a high-severity flaw that may allow unauthorized actors to bypass security controls and execute arbitrary code within the Jenkins environment.
Vulnerability Details
CVE-ID: CVE-2026-57280
Affected Software: Jenkins Script Security Plugin
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability involves a failure in the Script Security Plugin's ability to properly enforce security policies for script execution. Depending on the configuration, an authenticated user—or in some scenarios, an unauthenticated attacker—could potentially execute unauthorized scripts on the Jenkins controller.
Business Impact
With a CVSS score of 8.8, this vulnerability represents a severe threat to CI/CD pipeline integrity. Successful exploitation could grant an attacker full control over Jenkins tasks, leading to the exfiltration of build secrets, source code compromise, or the injection of malicious code into downstream production deployments.
Remediation Plan
Immediate Action: Upgrade the Jenkins Script Security Plugin to the latest patched version provided by the Jenkins project.
Proactive Monitoring: Review Jenkins audit logs for unauthorized script execution attempts or modifications to existing pipeline configurations.
Compensating Controls: Implement strict Role-Based Access Control (RBAC) and limit the ability of users to define or modify scripts within the Jenkins environment.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 25, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Jenkins instances are high-value targets for supply chain attacks. It is imperative that security teams audit their Jenkins plugin configurations and apply the necessary updates immediately to prevent potential remote code execution and unauthorized access to build infrastructure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
In Jenkins 2
In Jenkins 2
---METADATA---
VENDOR: Jenkins
PRODUCT: Jenkins
AFFECTED_VERSIONS: See vendor advisory for affected versions
---END_METADATA---
Description Summary:
Jenkins 2 is subject to a high-severity vulnerability involving the deserialization of arbitrary data.
Executive Summary:
An arbitrary deserialization vulnerability in Jenkins 2 poses a critical risk of remote code execution.
Vulnerability Details
CVE-ID: CVE-2026-53435
Affected Software: Jenkins
Affected Versions: See vendor advisory for affected versions
Vulnerability: The vulnerability involves the unsafe deserialization of arbitrary data within Jenkins 2. This flaw can be weaponized by an attacker to execute arbitrary code on the underlying server hosting the Jenkins instance.
Business Impact
A CVSS score of 8.8 highlights the severity of this remote code execution risk. Successful exploitation could lead to full system compromise, allowing attackers to access CI/CD pipelines, steal secrets, inject malicious code into build processes, or pivot deeper into the internal network.
Remediation Plan
Immediate Action: Update Jenkins to the latest version as recommended by the vendor to remediate the deserialization flaw.
Proactive Monitoring: Monitor build server logs for unusual process execution or unauthorized network connections originating from the Jenkins service.
Compensating Controls: Ensure the Jenkins instance is isolated from the public internet and restrict access to authorized users via VPN or robust authentication mechanisms.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 11, 2026, there is no public information indicating active exploitation of this vulnerability. The risk of remote code execution makes this a high-priority remediation task.
Analyst Recommendation
Given the critical role of Jenkins in the development lifecycle, this vulnerability presents a major risk to the entire software supply chain. Administrators must prioritize applying the latest security updates to prevent unauthorized code execution.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jenkins Email Extension Plugin 1933
Jenkins Email Extension Plugin 1933
---METADATA---
VENDOR: Jenkins
PRODUCT: Email Extension Plugin
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: low
MISSING: versions, patch, exploit_status, technical_details
---END_METADATA---
Description Summary:
A security vulnerability has been identified in the Jenkins Email Extension Plugin, potentially impacting the integrity or security of the CI/CD pipeline.
Executive Summary:
The Jenkins Email Extension Plugin is subject to a high-severity vulnerability that could compromise the security of the Jenkins automation environment.
Vulnerability Details
CVE-ID: CVE-2026-48920
Affected Software: Jenkins Email Extension Plugin
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability impacts the Email Extension Plugin version 1933; however, specific details regarding the nature of the flaw or authentication requirements are currently limited.
Business Impact
With a CVSS score of 8.8, this vulnerability represents a substantial risk to build servers and CI/CD pipelines. Exploitation could allow attackers to gain unauthorized access to Jenkins, potentially leading to supply chain compromises or the exfiltration of sensitive build credentials and source code.
Remediation Plan
Immediate Action: Check the Jenkins security advisory page for the latest plugin updates and upgrade the Email Extension Plugin to the patched version as soon as it is released.
Proactive Monitoring: Monitor Jenkins server logs for unusual email-related activity or unauthorized plugin configuration changes.
Compensating Controls: Restrict plugin access and permissions within the Jenkins dashboard to the minimum necessary for operational requirements to limit potential impact.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 28, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Jenkins environments are high-value targets for attackers. Security teams should prioritize updating this plugin immediately upon the release of a patch to prevent lateral movement or unauthorized access to the CI/CD infrastructure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting...
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
The Jenkins GitHub Plugin contains a stored cross-site scripting (XSS) vulnerability due to improper URL processing during GitHub hook trigger validat...
The Jenkins GitHub Plugin contains a stored cross-site scripting (XSS) vulnerability due to improper URL processing during GitHub hook trigger validation.
---METADATA---
VENDOR: Jenkins
PRODUCT: GitHub Plugin
AFFECTED_VERSIONS: 1.46.0 and earlier
---END_METADATA---
Description Summary:
The Jenkins GitHub Plugin contains a stored cross-site scripting (XSS) vulnerability due to improper URL processing during GitHub hook trigger validation.
Executive Summary:
A stored XSS vulnerability in the Jenkins GitHub Plugin allows authenticated attackers with read permissions to execute arbitrary JavaScript in the context of the application.
Vulnerability Details
CVE-ID: CVE-2026-42523
Affected Software: Jenkins GitHub Plugin
Affected Versions: 1.46.0 and earlier
Vulnerability: This vulnerability involves improper sanitization of job URLs within the GitHub hook trigger feature, allowing an attacker with existing "Overall/Read" permissions to inject malicious scripts that execute in the browser of other users.
Business Impact
Successful exploitation allows an attacker to perform actions on behalf of other users, potentially leading to unauthorized configuration changes or credential theft. With a CVSS score of 9.0, this critical severity reflects the potential for significant compromise of the CI/CD pipeline integrity and associated administrative accounts.
Remediation Plan
Immediate Action: Update the Jenkins GitHub Plugin to the latest available version as specified by the vendor security advisory.
Proactive Monitoring: Review access logs for suspicious activity involving job configuration changes or unusual URL parameters.
Compensating Controls: Implement strict Content Security Policy (CSP) headers where possible to mitigate the execution of unauthorized scripts.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of April 29, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical nature of this vulnerability and its impact on the development environment, administrators should prioritize patching the GitHub Plugin immediately. Failure to address this flaw could allow attackers to gain elevated control over the Jenkins instance.
Update Jenkins GitHub Plugin to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Jenkins Credentials Binding Plugin 719
Jenkins Credentials Binding Plugin 719
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jenkins 2
Jenkins 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jenkins 2
Jenkins 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jenkins 2
Jenkins 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer
PIA's OIDC issuer allowlist for Jenkins tokens uses a bare string-prefix check (issuer
---METADATA---
VENDOR: Eclipse
PRODUCT: PIA (OIDC issuer allowlist)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
The PIA OIDC issuer allowlist for Jenkins tokens is vulnerable to improper validation, using a bare string-prefix check that may allow unauthorized token issuance.
Executive Summary:
An authentication bypass vulnerability in the Eclipse PIA OIDC issuer allowlist permits unauthorized Jenkins token validation, posing a significant risk to CI/CD pipeline integrity.
Vulnerability Details
CVE-ID: CVE-2026-14336
Affected Software: Eclipse PIA
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists because the OIDC issuer allowlist implementation relies on a weak string-prefix check. This flaw may allow an attacker to bypass intended authentication constraints, potentially masquerading as a legitimate OIDC issuer to obtain unauthorized Jenkins tokens.
Business Impact
Exploitation of this vulnerability could grant an attacker unauthorized access to Jenkins CI/CD pipelines, enabling code injection, credential theft, or the compromise of sensitive development environments. With a CVSS score of 8.2, the risk to the software supply chain is substantial, potentially leading to unauthorized deployments or internal system compromise.
Remediation Plan
Immediate Action: Apply the vendor-provided security update immediately to replace the weak prefix check with strict, full-string validation.
Proactive Monitoring: Audit Jenkins access logs for unexpected OIDC authentication events or tokens associated with unknown or suspicious issuers.
Compensating Controls: Implement strict network segmentation and reinforce OIDC configuration policies to ensure only trusted issuers are permitted within the CI/CD infrastructure.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 3, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability represents a high-risk security gap in authentication logic. It is imperative that security teams verify their current configuration and apply the vendor patch as soon as it becomes available to prevent unauthorized access to sensitive build environments.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jenkins Coverage Plugin 2
Jenkins Coverage Plugin 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jenkins 2
Jenkins 2
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jenkins JDepend Plugin 1
Jenkins JDepend Plugin 1
Executive Summary:
A high-severity vulnerability has been discovered in the Jenkins JDepend Plugin, which could allow an attacker to compromise the Jenkins environment. Successful exploitation could lead to an attacker gaining administrative control, stealing sensitive data like source code and credentials, and potentially injecting malicious code into the software build and deployment pipeline. Organizations are urged to apply the vendor-supplied security update immediately to mitigate this significant risk to their development infrastructure.
Vulnerability Details
CVE-ID: CVE-2025-64134
Affected Software: Jenkins Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The Jenkins JDepend Plugin is vulnerable to a stored cross-site scripting (XSS) attack. An attacker with permission to configure jobs can inject malicious HTML and JavaScript code into a project's configuration parameters. This malicious code is then stored on the Jenkins server and is executed in the browser of any user who views the affected project's page, including administrators. This could allow the attacker to steal session cookies, impersonate high-privilege users, and perform administrative actions on their behalf, leading to a full compromise of the Jenkins instance.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.1. Exploitation poses a direct threat to the integrity and confidentiality of the organization's software supply chain. An attacker could leverage this vulnerability to escalate privileges, access and exfiltrate sensitive source code, API keys, and other credentials stored within Jenkins. The most severe risk is the potential for an attacker to manipulate the CI/CD pipeline to inject malicious backdoors or malware into production software, leading to a widespread compromise of downstream customers and significant reputational and financial damage.
Remediation Plan
Immediate Action: Apply vendor security updates immediately to all Jenkins instances running the affected JDepend Plugin. After patching, monitor for any signs of exploitation attempts by reviewing Jenkins access logs for unusual or unauthorized configuration changes to build jobs.
Proactive Monitoring: Security teams should actively monitor Jenkins server logs for suspicious activity, such as unexpected modifications to job config.xml files, particularly the injection of <script> or other HTML tags. Monitor network traffic for unusual outbound connections from the Jenkins server, which could indicate data exfiltration or command-and-control communication. Set up alerts for any builds that are triggered or modified outside of normal operational patterns.
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 29, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, vulnerabilities in widely-used CI/CD tools like Jenkins are attractive targets for threat actors. It is highly probable that security researchers will develop and publish proof-of-concept (PoC) exploits in the near future, increasing the likelihood of exploitation.
Analyst Recommendation
Given the high-severity rating and the critical role of Jenkins in the software development lifecycle, this vulnerability requires immediate attention. Although not currently listed on the CISA KEV catalog, its potential for enabling supply chain attacks makes it a significant threat. We strongly recommend that organizations prioritize the deployment of the vendor-provided patch across all affected systems without delay. In parallel, implement the proactive monitoring and compensating controls detailed above to enhance detection capabilities and provide layered defense against potential exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jenkins SAML Plugin 4
Jenkins SAML Plugin 4
Executive Summary:
A high-severity vulnerability has been identified in the Jenkins SAML Plugin, which could allow an unauthenticated attacker to bypass security controls and gain unauthorized access to the Jenkins server. Successful exploitation could lead to the compromise of sensitive source code, deployment credentials, and the integrity of the software build and deployment pipeline.
Vulnerability Details
CVE-ID: CVE-2025-64131
Affected Software: Jenkins SAML Plugin
Affected Versions: See vendor advisory for specific affected versions.
Vulnerability: The Jenkins SAML Plugin fails to properly validate the cryptographic signature of incoming SAML assertions. An unauthenticated remote attacker can exploit this flaw by crafting a malicious SAML response containing a valid user identifier but an invalid or missing signature. The plugin processes this response as authentic, granting the attacker access to the Jenkins instance with the permissions of the impersonated user.
Business Impact
This vulnerability is rated as High severity with a CVSS score of 7.5. A successful exploit would grant an attacker unauthorized access to the Jenkins automation server, a central component of the software development lifecycle. The potential consequences include the theft of intellectual property and source code, compromise of secrets and credentials stored within Jenkins, injection of malicious code into the CI/CD pipeline (supply chain attack), and disruption of critical development and deployment operations. This poses a significant risk to data confidentiality, system integrity, and operational availability.
Remediation Plan
Immediate Action: Apply the security updates released by Jenkins for the SAML Plugin immediately to patch the vulnerability. Concurrently, system administrators should begin monitoring for signs of exploitation and conduct a thorough review of access logs for any anomalous or unauthorized login activity preceding the patch.
Proactive Monitoring: Monitor Jenkins application and security logs for malformed or unusual SAML authentication requests, specifically those with signature validation errors or unexpected issuer values. Network traffic should be monitored for anomalous connections to the Jenkins web interface. Implement alerts for successful logins from previously unseen IP addresses or geolocations.
Compensating Controls: If immediate patching is not feasible, consider implementing the following controls:
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of October 29, 2025, there are no known public exploits or active exploitation campaigns targeting this vulnerability. However, vulnerabilities related to SAML signature validation are well-understood and exploits can be developed quickly. Given the critical role of Jenkins in enterprise environments, security researchers and threat actors are likely to prioritize analyzing this flaw.
Analyst Recommendation
This vulnerability presents a clear and present danger to the software supply chain. Due to the high CVSS score and the critical nature of the affected asset, we recommend that organizations prioritize the immediate patching of all affected Jenkins instances. Although this CVE is not yet on the CISA KEV list, its potential for enabling significant unauthorized access warrants an emergency-level response. Organizations should treat this as a critical priority and apply the vendor-supplied patch within their established timeframe for critical vulnerabilities.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jenkins Git Parameter Plugin 439
Jenkins Git Parameter Plugin 439
Executive Summary:
A high-severity vulnerability has been identified in the Jenkins Git Parameter Plugin which, if exploited, could lead to a compromise of the affected Jenkins instance.
Vulnerability Details
CVE-ID: CVE-2025-53652
Affected Software: Jenkins Git Parameter Plugin
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The Jenkins Git Parameter Plugin is affected by an unspecified vulnerability. The provided details do not specify the exact flaw, attack vector, or the authentication level required for an attacker to exploit this issue.
Business Impact
A successful exploit of this vulnerability could have severe consequences for the CI/CD pipeline and development infrastructure. The assigned CVSS score of 8.2 (High) indicates a significant risk, potentially allowing an attacker to gain unauthorized access, manipulate build processes, or exfiltrate sensitive data such as source code and credentials. This poses a direct threat to operational integrity and intellectual property.
Remediation Plan
Immediate Action: Administrators must consult the vendor's security advisory and apply the recommended security updates to the Git Parameter Plugin immediately to mitigate this vulnerability.
Proactive Monitoring: Review Jenkins access and system logs for any unusual or unauthorized activity, particularly related to build jobs utilizing the Git Parameter Plugin.
Compensating Controls: If immediate patching is not feasible, consider implementing a Web Application Firewall (WAF) with rules designed to protect Jenkins and restrict access to the Jenkins instance to only trusted networks and authenticated users.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 10, 2025, there is no public information indicating active exploitation of this vulnerability. However, given the high-severity nature of the flaw and the ubiquity of Jenkins, the potential for future exploitation is high.
Analyst Recommendation
Given the critical role of Jenkins in software development and deployment pipelines, this vulnerability represents a significant risk to the organization. We strongly urge administrators to prioritize the remediation of this flaw by applying the vendor-supplied patches without delay. Proactive patching is the most effective method to prevent potential compromise of the CI/CD environment.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jenkins Credentials Binding Plugin 687
Jenkins Credentials Binding Plugin 687
Executive Summary:
A high-severity vulnerability in the Jenkins Credentials Binding Plugin could allow an authenticated attacker to access sensitive credentials, potentially leading to privilege escalation and unauthorized access to integrated systems.
Vulnerability Details
CVE-ID: CVE-2025-53650
Affected Software: Jenkins Multiple Products
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: A flaw exists within the Jenkins Credentials Binding Plugin related to how it handles access to credentials. An authenticated attacker with permissions to configure jobs could potentially exploit this vulnerability to bind and access credentials beyond their intended scope.
Business Impact
A successful exploit could lead to a significant compromise of sensitive information, as an attacker could gain access to credentials stored within Jenkins. These credentials could then be used to pivot to other critical internal or external systems, resulting in a wider security breach. The assigned CVSS score of 7.3 (High) underscores the risk of privilege escalation and unauthorized access to critical assets.
Remediation Plan
Immediate Action: Administrators should consult the official Jenkins security advisory and apply the recommended updates to the Credentials Binding Plugin immediately.
Proactive Monitoring: Review Jenkins audit and access logs for any unusual or unauthorized modifications to job configurations or anomalous credential access patterns.
Compensating Controls: Employ a Web Application Firewall (WAF) with rules tailored to protect the Jenkins environment. This can provide a layer of defense by blocking suspicious requests targeting the application.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of July 10, 2025, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw and the high value of credentials, the potential for future exploitation is significant.
Analyst Recommendation
Given the critical function of the Credentials Binding Plugin, this vulnerability presents a direct threat to the security of any environment it is integrated with. We strongly recommend that administrators prioritize the application of the vendor-supplied patch without delay. Immediate remediation is the most effective way to mitigate the risk of credential theft and subsequent system compromise.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Jenkins Remote Code Execution Vulnerability - Active in CISA KEV catalog.
Jenkins Remote Code Execution Vulnerability - Active in CISA KEV catalog.
FEDERAL DEADLINE: October 22, 2025 (21 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. FEDERAL DEADLINE: October 22, 2025 (21 days). Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Deadline: October 22, 2025
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
---METADATA---
VENDOR: Jenkins
PRODUCT: OWASP ZAP Plugin
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability in the Jenkins OWASP ZAP Plugin may allow attackers to exploit security testing configurations to gain unauthorized access or execute code.
Executive Summary:
A high-severity vulnerability in the Jenkins OWASP ZAP Plugin could allow malicious actors to compromise the CI/CD pipeline and execute arbitrary commands on the host system.
Vulnerability Details
CVE-ID: CVE-2026-57301
Affected Software: Jenkins OWASP ZAP Plugin
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This flaw exists within the OWASP ZAP Plugin for Jenkins, impacting how the plugin processes security scan inputs or configurations. If left unpatched, the vulnerability may allow an attacker to bypass intended security constraints, potentially leading to remote code execution on the Jenkins server.
Business Impact
The CVSS score of 8.8 underscores the critical nature of this flaw, as it directly impacts the security of the automated testing infrastructure. Compromise of the ZAP plugin can lead to the exposure of internal network topologies, sensitive scan data, or provide a foothold for lateral movement into the broader corporate network.
Remediation Plan
Immediate Action: Update the Jenkins OWASP ZAP Plugin to the latest version released by the vendor to ensure all security patches are applied.
Proactive Monitoring: Monitor the Jenkins server for unusual outbound network connections or unexpected child processes spawned by the ZAP plugin.
Compensating Controls: Isolate Jenkins build agents in restricted network segments and apply WAF rules to filter malicious payloads directed at the Jenkins interface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 25, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Because the OWASP ZAP Plugin is designed to perform security testing, its compromise is particularly dangerous as it may be used to mask malicious activity. Administrators must apply the recommended plugin updates immediately to maintain the integrity of their security testing environment and the overall CI/CD pipeline.