CVE-2026-10276
MEDIUMhekmon8 Jenkins-server-mcp 0.1.0 - Server-Side Request Forgery via jobPath Function
Title source: llmDescription
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_build. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
References (6)
Core 6
Core References
Issue Tracking
https://github.com/hekmon8/Jenkins-server-mcp/issues/4
Permissions Required, VDB Entry
https://vuldb.com/cve/CVE-2026-10276
Permissions Required, VDB Entry
https://vuldb.com/submit/825412
Permissions Required, VDB Entry
https://vuldb.com/vuln/367569
Permissions Required, VDB Entry
https://vuldb.com/vuln/367569/cti
Scores
CVSS v3
6.3
EPSS
0.0027
EPSS Percentile
18.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-918
Status
published
Published
Jun 01, 2026
Tracked Since
Jun 02, 2026