wid-sec-w-2026-1320 · Published 2026-04-29 · View on BSI CERT-Bund
Jenkins Plugins: Multiple Vulnerabilities
CVSS 9.0 (CRITICAL)
Risk Summary
An attacker can exploit multiple vulnerabilities in Jenkins to execute arbitrary code, manipulate data, bypass security measures, disclose confidential information, and carry out cross-site scripting or phishing attacks.
Affected Vendors
Jenkins
Affected Products (14)
Jenkins Credentials Binding Plugin <720.v3f6decef43ea
Jenkins Credentials Binding Plugin 720.v3f6decef43ea
Jenkins GitHub Plugin <1.46.0.1
Jenkins GitHub Plugin 1.46.0.1
Jenkins GitHub Branch Source Plugin <1967.1969.v205fd594c821
Jenkins GitHub Branch Source Plugin 1967.1969.v205fd594c821
Jenkins HTML Publisher Plugin <427.1
Jenkins HTML Publisher Plugin 427.1
Jenkins Matrix Authorization Strategy Plugin <3.2.10
Jenkins Matrix Authorization Strategy Plugin 3.2.10
Jenkins Microsoft Entra ID Plugin <667.v4c5827a_e74a_0
Jenkins Microsoft Entra ID Plugin 667.v4c5827a_e74a_0
Jenkins Script Security Plugin <1402.v94c9ce464861
Jenkins Script Security Plugin 1402.v94c9ce464861