CVE Catalog

CVE-2026-57298

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

The Jenkins Contrast Continuous Application Security Plugin version 3.11 and earlier contains a cross-site request forgery (CSRF) vulnerability that allows attackers to force Jenkins to connect to an attacker-specified URL using an attacker-specified username, API key, and service key.

Risk Assessment

This vulnerability could lead to unauthorized access to resources and potential data leakage, posing a serious threat to the organization's security.

Recommendation

It is recommended to update the plugin to the latest version to mitigate this vulnerability and implement additional protections against CSRF attacks.

Original NVD description (English source)

A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL using an attacker-specified username, API key, and service key.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS