CVE Catalog

CVE-2026-57303

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile — higher than 13% of all known CVEs

Summary

The Assembla Plugin for Jenkins version 1.4 and earlier does not configure its XML parser to prevent XXE attacks, allowing attackers to control responses from the Assembla server and extract secrets from the Jenkins controller.

Risk Assessment

Attackers can exploit this vulnerability to gain access to sensitive data or perform server-side request forgery attacks, potentially leading to serious security breaches.

Recommendation

It is recommended to update the Assembla Plugin to the latest version that improves the XML parser configuration to prevent XXE attacks.

Original NVD description (English source)

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS