Jenkins Script Security Plugin EUVD-2026-26220

| CVE-2026-42519 MEDIUM
Missing Authorization (CWE-862)
2026-04-29 jenkins
Jenkins Authentication Bypass Jenkins Script Security Plugin
4.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVSS changed
Apr 29, 2026 - 15:22 NVD
4.3 (None) 4.3 (MEDIUM)

DescriptionNVD

A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.

Analysis

A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-42523 CRITICAL
9.0 Apr 29

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing val
CVE-2026-42524 HIGH
8.0 Apr 29

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in

CVE-2026-42520 HIGH
7.5 Apr 29

Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file cre
CVE-2026-42521 MEDIUM
6.5 Apr 29

Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructor
CVE-2026-42522 MEDIUM
4.3 Apr 29

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers wi

Share

EUVD-2026-26220 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy