Skip to main content

Jenkins External Workspace Manager Plugin

1 CVEs product

Monthly

CVE-2026-57296 HIGH This Week

Path traversal in the Jenkins External Workspace Manager Plugin (versions 1.3.2 and earlier) lets an attacker with Item/Configure permission supply traversal sequences in the custom workspace path of the exwsAllocate Pipeline step to read arbitrary files from the Jenkins controller filesystem, which the vendor notes can escalate to remote code execution. The flaw requires an authenticated low-privileged user (CVSS:3.1 PR:L, base 8.8) and is reported directly by the Jenkins security team. No public exploit identified at time of analysis, and CISA SSVC marks exploitation as none.

Path Traversal Jenkins RCE Jenkins External Workspace Manager Plugin
NVD
CVSS 3.1
8.8
EPSS
0.6%
EPSS 1% CVSS 8.8
HIGH This Week

Path traversal in the Jenkins External Workspace Manager Plugin (versions 1.3.2 and earlier) lets an attacker with Item/Configure permission supply traversal sequences in the custom workspace path of the exwsAllocate Pipeline step to read arbitrary files from the Jenkins controller filesystem, which the vendor notes can escalate to remote code execution. The flaw requires an authenticated low-privileged user (CVSS:3.1 PR:L, base 8.8) and is reported directly by the Jenkins security team. No public exploit identified at time of analysis, and CISA SSVC marks exploitation as none.

Path Traversal Jenkins RCE +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy