Jenkins Job Import Plugin Vulnerability Exposes Credentials for Attackers
CVE-2026-48926

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Job Import Plugin
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-48926?

The Jenkins Job Import Plugin, version 143.v044a_2e819b_27 and earlier, has a significant security flaw that lacks proper permission validation in an HTTP endpoint. This vulnerability enables individuals with Overall/Read permissions to gain unauthorized access to sensitive credential IDs stored within Jenkins, potentially exposing critical information and compromising the security of the application.

Affected Version(s)

Jenkins Job Import Plugin 0 <= 143.v044a_2e819b_27

References

https://www.jenkins.io/security/advisory/2026-05-27/#SECU...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 26, 2026

CVE-2026-48926 Data

JSON