EIP-2026-102384

PRE-CVE

Jenkins 1.626 - Cross-Site Request Forgery / Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102384. PoCs published by smash.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Jenkins 1.626, allowing remote attackers to execute arbitrary code via Groovy script execution. It includes examples for user manipulation and command execution on the target system.

Description

Jenkins 1.626 - Cross-Site Request Forgery / Code Execution

Exploits (1)

exploitdb WORKING POC

by smash · textwebappsjava

https://www.exploit-db.com/exploits/37999

View Code ZIP pw:eip

This exploit demonstrates a CSRF vulnerability in Jenkins 1.626, allowing remote attackers to execute arbitrary code via Groovy script execution. It includes examples for user manipulation and command execution on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Jenkins 1.626

Auth required

Prerequisites: Victim must be authenticated in Jenkins · Attacker must trick victim into visiting a malicious page

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026