Jenkins Html Publisher Plugin CVE-2026-42524

EUVD-2026-26226 HIGH

Cross-site Scripting (XSS) (CWE-79)

2026-04-29 jenkins

Jenkins XSS Jenkins Html Publisher Plugin

8.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 15:22 NVD

8.0 (None) 8.0 (HIGH)

DescriptionNVD

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-42523 CRITICAL Act Now

9.0 Apr 29

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing val

CVE-2026-42520 HIGH This Week

7.5 Apr 29

Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file cre

CVE-2026-42521 MEDIUM This Month

6.5 Apr 29

Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructor

CVE-2026-42519 MEDIUM This Month

4.3 Apr 29

A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overa

CVE-2026-42522 MEDIUM This Month

4.3 Apr 29

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers wi

CVE-2026-42524 vulnerability details – vuln.today

Back

Jenkins Html Publisher Plugin CVE-2026-42524

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code