Jenkins Script Security Plugin Vulnerability Affects Jenkins by CloudBees
CVE-2026-42519

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Script Security Plugin
Vendor: CVE Published:; 29 April 2026

What is CVE-2026-42519?

A flaw in the Jenkins Script Security Plugin allows attackers with the Overall/Read permission to gain unauthorized access, enabling them to enumerate both pending and approved classpaths. This exposes sensitive scripts and configurations, potentially leading to further exploitation or unauthorized actions within the Jenkins environment. It is crucial for users to update their plugins to mitigate the risks posed by this vulnerability, as detailed in Jenkins Security Advisory 2026-04-29.

Affected Version(s)

Jenkins Script Security Plugin 0 <= 1399.ve6a_66547f6e1

References

https://www.jenkins.io/security/advisory/2026-04-29/#SECU...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2026
Vulnerability Reserved
Apr 28, 2026

CVE-2026-42519 Data

JSON