EIP-2026-103953

PRE-CVE

Jenkins CI Script Console - Command Execution (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103953. PoCs published by Spencer McIntyre.

AI-analyzed exploit summary This Metasploit module exploits Jenkins Script Console to execute arbitrary OS commands via Java Runtime.exec(). It supports both Windows and Unix targets, with optional authentication.

Description

Jenkins CI Script Console - Command Execution (Metasploit)

Exploits (1)

exploitdb WORKING POC

by Spencer McIntyre · rubyremotemultiple

https://www.exploit-db.com/exploits/24206

View Code ZIP pw:eip

This Metasploit module exploits Jenkins Script Console to execute arbitrary OS commands via Java Runtime.exec(). It supports both Windows and Unix targets, with optional authentication.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Jenkins (unspecified version, disclosed 2013)

Auth required

Prerequisites: Access to Jenkins Script Console · Optional credentials if authentication is enabled

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026