Loading market data...
← Back to CVE feed

CVE-2026-57280

HIGH CVSS 8.8 View on NVD ↗

Description

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Jun 24, 2026 14:17 UTC Modified: Jun 24, 2026 15:16 UTC