What is the CVSS score of CVE-2026-33004?

CVE-2026-33004 has a CVSS 3.1 base score of 4.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of Jenkins are affected by CVE-2026-33004?

CVE-2026-33004 presents moderate security risk, a information exposure vulnerability rated CVSS 4.3. Sensitive information could be exposed to unauthorized parties.. A patch is available.

Jenkins CVE-2026-33004

EUVD-2026-12849 MEDIUM

Information Exposure (CWE-200)

2026-03-18 jenkins

GHSA-p9hg-wrmv-v8cp

Information Disclosure Jenkins

4.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 18, 2026 - 15:45 euvd

EUVD-2026-12849

Analysis Generated

Mar 18, 2026 - 15:45 vuln.today

CVE Published

Mar 18, 2026 - 15:15 nvd

MEDIUM 4.3

DescriptionNVD

Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

AnalysisAI

The Jenkins LoadNinja Plugin version 2.1 and earlier fails to mask LoadNinja API keys displayed on the job configuration form, allowing attackers with access to the Jenkins web interface to observe and capture sensitive credentials. This information disclosure vulnerability affects Jenkins administrators and users with job configuration visibility, enabling credential theft that could lead to unauthorized access to LoadNinja services and associated testing infrastructure. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Review data exposure and access controls.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-48920 HIGH This Week

8.8 May 27

Arbitrary file disclosure in the Jenkins Email Extension Plugin (email-ext) versions 1933.v45cec755423f and earlier lets

CVE-2026-48922 HIGH This Week

7.5 May 27

Arbitrary file write in the Jenkins Credentials Binding Plugin (version 720.v3f6decef43ea_ and earlier) lets users who c

CVE-2026-48921 HIGH This Week

7.5 May 27

Arbitrary file read on the Jenkins controller is possible in the Jenkins 'Pipeline: Groovy Libraries Plugin' (version 79

CVE-2026-48919 MEDIUM This Month

6.6 May 27

Unsafe deserialization in Jenkins Active Directory Plugin 2.41 and earlier allows a remote attacker holding administrati

CVE-2026-48918 MEDIUM This Month

6.6 May 27

Server-Side Request Forgery in Jenkins Active Directory Plugin 2.41 and earlier enables a highly privileged attacker to

CVE-2026-33004 vulnerability details – vuln.today

Back

Jenkins CVE-2026-33004

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code