Loading market data...
← Back to CVE feed

CVE-2026-57281

HIGH CVSS 7.5 View on NVD ↗

Description

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the component that evaluates the script.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Jun 24, 2026 14:17 UTC Modified: Jun 24, 2026 15:16 UTC