CVE-2026-57281

HIGH

Jenkins Script Security Plugin < 1402.v94c9ce464861 - Protection Mechanism Failure

Title source: rule
STIX 2.1

Description

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the component that evaluates the script.

Scores

CVSS v3 7.5
EPSS 0.0059
EPSS Percentile 44.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-693 CWE-917 CWE-93
Status published
Products (2)
jenkins/script_security < 1402.v94c9ce464861
Jenkins Project/Jenkins Script Security Plugin < 1402.v94c9ce464861
Published Jun 24, 2026
Tracked Since Jun 24, 2026