Jenkins

Vendor security scorecard – 22 CVEs in the selected period

Risk score: 37
CVEs: 22
Critical: 1
High: 5
KEV (listed in CISA's Known Exploited Vulnerabilities catalog): 0
PoC (public proof-of-concept exploit available): 0
Unpatched Critical/High: 3
Patch rate: 36.4%
Average EPSS: 0.1%

Severity Breakdown

CRITICAL: 1
HIGH: 5
MEDIUM: 15
LOW: 0

Monthly CVE Trend (chart; the plotted series was not captured in the text)

Top Risky CVEs

| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-42523 | Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub | CRITICAL | 9.0 | 0.0% | 45 | |
| CVE-2026-48920 | Arbitrary file disclosure in the Jenkins Email Extension Plugin (email-ext) versions 1933.v45cec755423f and earlier lets users who can control email content abuse the data-inline image attribute to supply file: URLs, causing the Jenkins controller to read local files and embed their contents as base64 inside outgoing emails. An authenticated attacker with rights to edit job email configuration or templates (CVSS PR:L) can exfiltrate controller secrets, credentials, and configuration. No public exploit was identified at time of analysis and CISA's SSVC rates exploitation as none, but the CVSS 8.8 score and "total" technical impact make controller secret theft a serious concern in shared Jenkins environments. | HIGH | 8.8 | 0.0% | 44 | No patch |
| CVE-2026-42524 | Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting | HIGH | 8.0 | 0.0% | 40 | |
| CVE-2026-42520 | Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers a | HIGH | 7.5 | 0.3% | 38 | |
| CVE-2026-48922 | Arbitrary file write in the Jenkins Credentials Binding Plugin (version 720.v3f6decef43ea_ and earlier) lets users who can supply file or zip-file credentials to a job write files to attacker-chosen paths on the node filesystem, escalating to remote code execution when Jenkins is configured to let a low-privileged user configure such credentials for a job running on the built-in node. The flaw stems from missing file-name sanitization on the file and zip credential types. Rated CVSS 7.5 with high attack complexity (AC:H); no public exploit was identified at time of analysis and the issue is not in CISA KEV. | HIGH | 7.5 | 0.2% | 38 | No patch |
| CVE-2026-48921 | Arbitrary file read on the Jenkins controller is possible in the Jenkins "Pipeline: Groovy Libraries Plugin" (version 797.v90ea_a_9b_e45a_0 and earlier), where the plugin fails to prohibit symbolic links inside shared libraries. An attacker who can control the contents of a shared library consumed by a Pipeline job can plant symlinks that resolve to sensitive files (credentials, secrets, configuration) on the controller filesystem and exfiltrate them through the build. No public exploit was identified at time of analysis, and SSVC marks exploitation status as none, so this is a patch-and-move-on issue rather than an active-exploitation emergency. | HIGH | 7.5 | 0.0% | 38 | No patch |
| CVE-2026-48919 | Unsafe deserialization in Jenkins Active Directory Plugin 2.41 and earlier allows a remote attacker holding administrative credentials to achieve full system compromise by manipulating the LDAP referral processing path. The plugin deserializes data received from LDAP referrals without validation (CWE-502), which can enable arbitrary code execution on the Jenkins controller. No public exploit exists at time of analysis, and CISA SSVC assesses this as not automatable, though technical impact is rated total, making it a targeted rather than opportunistic threat. | MEDIUM | 6.6 | 0.1% | 33 | No patch |
| CVE-2026-48918 | Server-Side Request Forgery in Jenkins Active Directory Plugin 2.41 and earlier enables a highly privileged attacker to abuse the plugin's default LDAP referral-following behavior to force Jenkins to issue out-of-band requests to attacker-controlled or internal network hosts. The vulnerability (CWE-918) stems from the plugin not restricting LDAP referrals by default, which can be weaponized to pivot from the Jenkins server into internal infrastructure. No public exploit code exists and SSVC confirms no known active exploitation, but the technical impact is rated total: confidentiality, integrity, and availability are all at risk if exploitation succeeds. | MEDIUM | 6.6 | 0.0% | 33 | No patch |
| CVE-2026-48916 | Unconstrained LDAP referral following in Jenkins LDAP Plugin (≤ 807.v7d7de30930cf) enables Server-Side Request Forgery, allowing a highly privileged attacker who controls LDAP configuration to force the Jenkins server to initiate connections to arbitrary internal hosts by supplying a malicious LDAP server that returns crafted referrals. The CVSS score of 6.6 reflects genuine constraints: network-reachable but requiring both high privileges and high attack complexity, with High confidentiality, integrity, and availability impact if those barriers are cleared. SSVC assessment confirms no current exploitation and a non-automatable attack path, though technical impact is rated total; no public exploit code has been identified at time of analysis. | MEDIUM | 6.6 | 0.0% | 33 | No patch |
| CVE-2026-48917 | Jenkins LDAP Plugin versions up to and including 807.v7d7de30930cf deserialize Java objects returned via LDAP referral responses without any validation, exposing the underlying Jenkins instance to potential remote code execution via classic Java deserialization gadget chains. Exploitation is constrained by a high privilege requirement and high attack complexity (CVSS PR:H/AC:H), limiting realistic scenarios to attackers who already hold Jenkins administrative credentials or can manipulate LDAP referral destinations. No public exploit code has been identified and this vulnerability does not appear in the CISA KEV catalog at time of analysis. | MEDIUM | 6.6 | 0.1% | 33 | No patch |
| CVE-2026-42521 | Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in conf | MEDIUM | 6.5 | 0.0% | 33 | |
| CVE-2026-48927 | Stored cross-site scripting in Jenkins buildgraph-view Plugin 1.8 and earlier allows authenticated attackers with job or view configuration privileges to inject persistent malicious scripts via an unescaped build URL. Any Jenkins user who subsequently views the affected build graph page triggers execution of the attacker-controlled script in their browser context. No active exploitation is confirmed (not in CISA KEV) and no public exploit code is known; SSVC rates exploitation status as none with partial technical impact. | MEDIUM | 5.5 | 0.0% | 28 | No patch |
| CVE-2026-7168 | Cross-proxy Digest authentication state leak in curl allows remote attackers to obtain sensitive authentication credentials when curl is used with proxy authentication across multiple proxy hops. The vulnerability affects curl versions from 7.12.0 through 8.19.0 due to improper handling of Digest authentication state between proxies, enabling credential disclosure with network-level access and no authentication requirements. An EPSS score of 0.03% suggests low real-world exploitation probability despite the information disclosure impact. | MEDIUM | 5.3 | 0.0% | 27 | |
| CVE-2026-42525 | Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attacke | MEDIUM | 4.3 | 0.0% | 22 | |
| CVE-2026-48924 | Open redirect vulnerability in Jenkins Bitbucket OAuth Plugin 0.17 and earlier enables unauthenticated network attackers to craft login URLs that redirect authenticated victims to arbitrary, attacker-controlled destinations, facilitating phishing campaigns targeting Jenkins users. The plugin fails to validate or restrict the post-login redirect URL parameter, classified under CWE-601. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis; the CVSS 4.3 Medium rating reflects network reachability offset by a mandatory user interaction requirement. | MEDIUM | 4.3 | 0.0% | 22 | No patch |