CVE Catalog

CVE-2026-57284

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

19th percentile — higher than 19% of all known CVEs

Summary

Jenkins Pipeline: Groovy Plugin version 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps.

Risk Assessment

The risk involves potential unauthorized modification of job or system configuration in Jenkins, which could lead to privilege escalation, data integrity compromise, or full control over the CI/CD server.

Recommendation

It is recommended to immediately update Jenkins Pipeline: Groovy Plugin to a version newer than 4331.v9d06ed4658ff that includes proper type restrictions in the Pipeline Snippet Generator.

Original NVD description (English source)

Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS