Is Jenkins affected by EUVD-2026-12845?

Organizations using validation of requests made face notable risk from CVE-2026-33002 rated CVSS 7.5. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and consider compensating controls in the interim.

EUVD-2026-12845

| CVE-2026-33002 HIGH

2026-03-18 jenkins

GHSA-phhv-63fh-rrc8

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 18, 2026 - 15:45 vuln.today

EUVD ID Assigned

Mar 18, 2026 - 15:45 euvd

EUVD-2026-12845

CVE Published

Mar 18, 2026 - 15:15 nvd

HIGH 7.5

Description

Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable to DNS rebinding attacks that allow bypassing origin validation.

Analysis

Jenkins versions 2.442 through 2.554 and LTS 2.426.3 through 2.541.2 contain an origin validation bypass vulnerability in the CLI WebSocket endpoint that allows attackers to conduct DNS rebinding attacks. The vulnerability stems from improper use of Host and X-Forwarded-Host headers to compute expected request origins, enabling attackers to bypass authentication controls and potentially execute arbitrary commands through the CLI WebSocket interface. …

Remediation

Within 7 days: Identify all affected systems running validation of requests made and apply vendor patches promptly. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

EUVD-2026-12845 vulnerability details – vuln.today

Back

EUVD-2026-12845

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-12845

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code