CVE-2026-57283
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator.
Risk Assessment
An attacker can exploit CSRF to perform unauthorized modifications to job or system configuration in Jenkins, potentially compromising the integrity and security of the CI/CD environment.
Recommendation
It is recommended to immediately update the Jenkins Pipeline: Groovy Plugin to a version newer than 4331.v9d06ed4658ff, which includes a fix for the CSRF vulnerability.
Original NVD description (English source)
A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator.

