CVE-2026-57301
HIGHDescription
Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| jenkins | official_owasp_zap |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-57301? +
How severe is CVE-2026-57301? +
What products are affected by CVE-2026-57301? +
How do I check if I'm vulnerable to CVE-2026-57301? +
Related Vulnerabilities
Sitecore Experience Platform (XP) prior to 8.0 Initial Release (rev. 141212) and Content Management System (CMS) prior to 7.2 Update-3 …
A vulnerability exists in the Rockwell Automation Emulate3D™, which could be leveraged to execute a DLL Hijacking attack. The application …
Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the …
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit …
Spin is the developer tool for building and running serverless applications powered by WebAssembly. Prior to 2.4.3, some specifically configured …
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to …