PT-2026-51810 · Jenkins · Jenkins Mcp Server Plugin

Published

2026-06-24

Updated

2026-06-24

CVE-2026-57300

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb 2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2026-57300

Affected Products

Jenkins Mcp Server Plugin

PT-2026-51810 · Jenkins · Jenkins Mcp Server Plugin

CVE-2026-57300

Weakness Enumeration

Related Identifiers

Affected Products

References · 2