CVE Catalog

CVE-2026-57283

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile — higher than 5% of all known CVEs

Summary

A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator.

Risk Assessment

An attacker can exploit CSRF to perform unauthorized modifications to job or system configuration in Jenkins, potentially compromising the integrity and security of the CI/CD environment.

Recommendation

It is recommended to immediately update the Jenkins Pipeline: Groovy Plugin to a version newer than 4331.v9d06ed4658ff, which includes a fix for the CSRF vulnerability.

Original NVD description (English source)

A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier allows attackers to instantiate types related to job or system configuration other than Pipeline steps through the Pipeline Snippet Generator.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS