CVE Catalog

CVE-2026-57290

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

A CSRF vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration.

Risk Assessment

An attacker can exploit CSRF to change job priorities, potentially disrupting job scheduling and compromising the integrity of CI/CD processes.

Recommendation

It is recommended to immediately update the Priority Sorter plugin to a version newer than 936.v2c01c6b_84449 and implement CSRF protection mechanisms such as synchronization tokens.

Original NVD description (English source)

A cross-site request forgery (CSRF) vulnerability in Jenkins Priority Sorter Plugin 936.v2c01c6b_84449 and earlier allows attackers to overwrite the global job priority configuration.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS