37
CVEs
1
Critical
15
High
0
KEV
0
PoC
3
Unpatched C/H
62.2%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
15
MEDIUM
20
LOW
0
Monthly CVE Trend
Affected Products (30)
Jervis
7
Applitools Eyes
3
Cadence Vmanager
3
Open Redirect
3
Java
3
Nouvola Divecloud
2
Vaddy
2
Azure Service Fabric
2
Qmetry Test Management
2
Xooa
2
Sensedia Api Platform Tools
2
Readyapi Functional Testing
2
Apica Loadtest
2
Asakusasatellite
2
Statistics Gatherer
2
Docker
2
Monitor Remote Job
1
Openid Connect Authentication
1
Openid Connect Provider
1
Opentelemetry
1
Simple Queue
1
Ssh Agent
1
Ssh Slave
1
Stack Hammer
1
Templating Engine
1
Testsigma Test Plan Run
1
User1st Utester
1
Virtual Appliance Application
1
Virtual Appliance Host
1
Warrior Framework
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-42523 | Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub | CRITICAL | 9.0 | 0.0% | 45 |
|
| CVE-2026-48920 | Arbitrary file disclosure in the Jenkins Email Extension Plugin (email-ext) versions 1933.v45cec755423f and earlier lets users who can control email content abuse the data-inline image attribute to supply file: URLs, causing the Jenkins controller to read local files and embed their contents as base64 inside outgoing emails. An authenticated attacker with rights to edit job email configuration or templates (CVSS PR:L) can exfiltrate controller secrets, credentials, and configuration. There is no public exploit identified at time of analysis and CISA's SSVC rates exploitation as none, but the CVSS 8.8 score and 'total' technical impact make controller secret theft a serious concern in shared Jenkins environments. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-33001 | Jenkins versions 2.554 and earlier (LTS 2.541.2 and earlier) contain a path traversal vulnerability in their handling of tar and tar.gz archive extraction that fails to safely process symbolic links, allowing attackers to write files to arbitrary filesystem locations. Attackers with Item/Configure permission or control over Jenkins agent processes can exploit this to deploy malicious scripts and plugins on the Jenkins controller, achieving code execution with the privileges of the Jenkins process. The vulnerability is particularly concerning because it affects the core Jenkins application and enables privilege escalation through plugin installation mechanisms. | HIGH | 8.8 | 0.0% | 44 |
|
| CVE-2026-33166 | Path traversal in Allure report generator for Jenkins allows unauthenticated attackers to read arbitrary files from the host system by crafting malicious test result files with specially crafted attachment paths. The vulnerability stems from insufficient path validation when processing attachments during report generation, enabling sensitive files to be included in generated reports. A patch is not currently available. | HIGH | 8.6 | 0.0% | 43 |
|
| CVE-2026-27099 | Jenkins versions 2.483-2.550 and LTS 2.492.1-2.541.1 contain a stored XSS vulnerability in the agent offline cause description field that fails to properly sanitize user input. Attackers with Agent/Configure or Agent/Disconnect permissions can inject malicious scripts that execute in the browsers of other users viewing the affected agent configuration. No patch is currently available for this vulnerability. | HIGH | 8.0 | 0.0% | 40 |
|
| CVE-2026-42524 | Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting | HIGH | 8.0 | 0.0% | 40 |
|
| CVE-2026-42520 | Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers a | HIGH | 7.5 | 0.3% | 38 |
|
| CVE-2026-48922 | Arbitrary file write in the Jenkins Credentials Binding Plugin (version 720.v3f6decef43ea_ and earlier) lets users who can supply file or zip-file credentials to a job write files to attacker-chosen paths on the node filesystem, escalating to remote code execution when Jenkins is configured to let a low-privileged user configure such credentials for a job running on the built-in node. The flaw stems from missing file-name sanitization on the file and zip credential types. Rated CVSS 7.5 with high attack complexity (AC:H); no public exploit identified at time of analysis and the issue is not in CISA KEV. | HIGH | 7.5 | 0.2% | 38 |
No patch
|
| CVE-2025-68704 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.0% | 38 |
|
| CVE-2026-48921 | Arbitrary file read on the Jenkins controller is possible in the Jenkins 'Pipeline: Groovy Libraries Plugin' (version 797.v90ea_a_9b_e45a_0 and earlier), where the plugin fails to prohibit symbolic links inside shared libraries. An attacker who can control the contents of a shared library consumed by a Pipeline job can plant symlinks that resolve to sensitive files (credentials, secrets, configuration) on the controller filesystem and exfiltrate them through the build. There is no public exploit identified at time of analysis, and SSVC marks exploitation status as none, so this is a patch-and-move-on issue rather than an active-exploitation emergency. | HIGH | 7.5 | 0.0% | 38 |
No patch
|
| CVE-2025-68931 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.0% | 38 |
|
| CVE-2025-68701 | Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5). | HIGH | 7.5 | 0.0% | 38 |
|
| CVE-2025-68702 | Jervis versions up to 2.2 is affected by use of a broken or risky cryptographic algorithm (CVSS 7.5). | HIGH | 7.5 | 0.0% | 38 |
|
| CVE-2026-33002 | Jenkins versions 2.442 through 2.554 and LTS 2.426.3 through 2.541.2 contain an origin validation bypass vulnerability in the CLI WebSocket endpoint that allows attackers to conduct DNS rebinding attacks. The vulnerability stems from improper use of Host and X-Forwarded-Host headers to compute expected request origins, enabling attackers to bypass authentication controls and potentially execute arbitrary commands through the CLI WebSocket interface. While no CVSS score, EPSS data, or active exploitation in the wild (KEV) status has been publicly disclosed, the vulnerability affects a critical Jenkins component and was responsibly disclosed by the Jenkins security team. | HIGH | 7.5 | 0.0% | 38 |
|
| CVE-2025-68703 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.0% | 38 |
|