PT-2026-51791 · Jenkins · Jenkins Script Security Plugin

Published

2026-06-24

Updated

2026-06-24

CVE-2026-57281

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the component that evaluates the script.

Fix

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-693CWE-93

Related Identifiers

CVE-2026-57281

Affected Products

Jenkins Script Security Plugin

PT-2026-51791 · Jenkins · Jenkins Script Security Plugin

CVE-2026-57281

Weakness Enumeration

Related Identifiers

Affected Products

References · 2