CVE-2026-57281_CVE-2026-57281

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the component that evaluates the script.

Basic Information

ID CVE-2026-57281

Source jenkins

Published Jun 24, 2026 at 13:20

Modified Jun 24, 2026 at 13:56

Affected Product

Vendor Jenkins Project

Product Jenkins Script Security Plugin

Affected Versions Jenkins Project Jenkins Script Security Plugin 0

CWE Classification

CWE-693 CWE-93

References

www.jenkins.io /security/advisory/2026-06-24/

{
    "lastseen": "",
    "description": "Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the component that evaluates the script.",
    "published": "2026-06-24T13:20:04.648Z",
    "modified": "2026-06-24T13:56:59.301Z",
    "type": "cve",
    "title": "CVE-2026-57281",
    "source": "jenkins",
    "references": "https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3793",
    "id": "CVE-2026-57281",
    "bulletinFamily": "",
    "cwe": [
        "CWE-693",
        "CWE-93"
    ],
    "cvelist": null,
    "sourceData": "Jenkins Project Jenkins Script Security Plugin 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Jenkins Script Security Plugin",
    "version": "0",
    "vendor": "Jenkins Project",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}