CVE 8.8 HIGH

CVE-2026-57280_CVE-2026-57280

June 24, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.

AI Analysis

Jenkins Script Security Plugin vulnerability allowing attackers to bypass sandbox protection

Basic Information

ID CVE-2026-57280

Source jenkins

Published Jun 24, 2026 at 13:20

Modified Jun 24, 2026 at 13:58

Affected Product

Vendor Jenkins Project

Product Jenkins Script Security Plugin

Affected Versions Jenkins Project Jenkins Script Security Plugin 0

CWE Classification

CWE-693

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Jenkins Project

Product Jenkins Script Security Plugin

Version 1402.v94c9ce464861 and earlier

References

www.jenkins.io /security/advisory/2026-06-24/

{
    "lastseen": "",
    "description": "Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.",
    "published": "2026-06-24T13:20:04.064Z",
    "modified": "2026-06-24T13:58:16.696Z",
    "type": "cve",
    "title": "CVE-2026-57280",
    "source": "jenkins",
    "references": "https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3792",
    "id": "CVE-2026-57280",
    "bulletinFamily": "",
    "cwe": [
        "CWE-693"
    ],
    "cvelist": null,
    "sourceData": "Jenkins Project Jenkins Script Security Plugin 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Jenkins Script Security Plugin",
    "version": "0",
    "vendor": "Jenkins Project",
    "ai_description": "Jenkins Script Security Plugin vulnerability allowing attackers to bypass sandbox protection",
    "ai_severity": "High",
    "ai_vendor": "Jenkins Project",
    "ai_product": "Jenkins Script Security Plugin",
    "ai_version": "1402.v94c9ce464861 and earlier",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply