CVE-2026-48920
HighSummary
Jenkins Email Extension Plugin version 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs. This allows attackers controlling the email content to specify `file:` URLs to read arbitrary files from the Jenkins controller filesystem.
Risk Assessment
Attackers may gain access to sensitive data stored on the Jenkins server, potentially leading to serious security breaches and data loss.
Recommendation
It is recommended to update the plugin to the latest version to mitigate this vulnerability and implement appropriate restrictions on email content.
Original NVD description (English source)
Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify `file:` URLs for images to read arbitrary files from the Jenkins controller filesystem.

