Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-57281
Modified
More InfoOfficial Page
Source-jenkinsci-cert@googlegroups.com
View Known Exploited Vulnerability (KEV) details
Published At-24 Jun, 2026 | 14:17
Updated At-30 Jun, 2026 | 03:21

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the component that evaluates the script.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.5HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Jenkins
jenkins
>>script_security>>Versions up to 1402.v94c9ce464861(inclusive)
cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*
Weaknesses
CWE IDTypeSource
CWE-93Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-693Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-917Secondary0b0ca135-0b70-47e7-9f44-1890c2a1c46c
CWE ID: CWE-93
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-693
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-917
Type: Secondary
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3793jenkinsci-cert@googlegroups.com
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-572810b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=24922000b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-57281.json0b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
Hyperlink: https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3793
Source: jenkinsci-cert@googlegroups.com
Resource:
Vendor Advisory
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-57281
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2492200
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-57281.json
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Change History
0Changes found

Details not found