CVE-2026-57290
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
A CSRF vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration.
Risk Assessment
An attacker can exploit CSRF to change job priorities, potentially disrupting job scheduling and compromising the integrity of CI/CD processes.
Recommendation
It is recommended to immediately update the Priority Sorter plugin to a version newer than 936.v2c01c6b_84449 and implement CSRF protection mechanisms such as synchronization tokens.
Original NVD description (English source)
A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration.

