← back
CVE-2026-57284

CVE-2026-57284

CVSS 4.3 MEDIUMEPSS 0.2%CWE-470
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
24 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected products
Jenkins Project · Jenkins Pipeline: Groovy Plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3677