PT-2026-51807 · Jenkins · Jenkins Contrast Continuous Application Security Plugin

Published

2026-06-24

Updated

2026-06-24

CVE-2026-57297

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-57297

Affected Products

Jenkins Contrast Continuous Application Security Plugin

PT-2026-51807 · Jenkins · Jenkins Contrast Continuous Application Security Plugin

CVE-2026-57297

Related Identifiers

Affected Products

References · 2