CVE 8.8 HIGH

CVE-2026-57296_CVE-2026-57296

June 24, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can lead to remote code execution.

AI Analysis

Path traversal vulnerability in Jenkins External Workspace Manager Plugin allowing attackers to read arbitrary files on the Jenkins controller file system

Basic Information

ID CVE-2026-57296

Source jenkins

Published Jun 24, 2026 at 13:20

Modified Jun 24, 2026 at 14:37

Affected Product

Vendor Jenkins Project

Product Jenkins External Workspace Manager Plugin

Version 1.3.2

Affected Versions Jenkins Project Jenkins External Workspace Manager Plugin 0

CWE Classification

CWE-22

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Jenkins Project

Product Jenkins External Workspace Manager Plugin

Version 1.3.2 and earlier

References

www.jenkins.io /security/advisory/2026-06-24/

{
    "lastseen": "",
    "description": "Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can lead to remote code execution.",
    "published": "2026-06-24T13:20:13.363Z",
    "modified": "2026-06-24T14:37:14.661Z",
    "type": "cve",
    "title": "CVE-2026-57296",
    "source": "jenkins",
    "references": "https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3777",
    "id": "CVE-2026-57296",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "Jenkins Project Jenkins External Workspace Manager Plugin 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Jenkins External Workspace Manager Plugin",
    "version": "1.3.2",
    "vendor": "Jenkins Project",
    "ai_description": "Path traversal vulnerability in Jenkins External Workspace Manager Plugin allowing attackers to read arbitrary files on the Jenkins controller file system",
    "ai_severity": "High",
    "ai_vendor": "Jenkins Project",
    "ai_product": "Jenkins External Workspace Manager Plugin",
    "ai_version": "1.3.2 and earlier",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply