Jenkins · Appspider Plugin · CVE-2026-48923
**Name of the Vulnerable Software and Affected Versions**
Jenkins AppSpider Plugin versions prior to 1.0.18
**Description**
A missing permission check in a method implementing form validation allows users with Overall/Read permissions to trigger a connection to an attacker-specified URL.
**Recommendations**
Update to version 1.0.18 or later.