CVE-2026-57284
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
Jenkins Pipeline: Groovy Plugin version 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps.
Risk Assessment
The risk involves potential unauthorized modification of job or system configuration in Jenkins, which could lead to privilege escalation, data integrity compromise, or full control over the CI/CD server.
Recommendation
It is recommended to immediately update Jenkins Pipeline: Groovy Plugin to a version newer than 4331.v9d06ed4658ff that includes proper type restrictions in the Pipeline Snippet Generator.
Original NVD description (English source)
Jenkins Pipeline: Groovy Plugin 4331.v9d06ed4658ff and earlier does not restrict the types that can be instantiated through the Pipeline Snippet Generator, allowing attackers to instantiate types related to job or system configuration other than Pipeline steps.

