Tag
#Jenkins
Critical Vulnerability in Jenkins OWASP ZAP Plugin Allows Arbitrary Code Execution
A critical vulnerability (CVE-2026-57301) with a CVSS score of 8.8 has been discovered in the Jenkins OWASP ZAP Plugin, affecting versions 1.0.7 and earlier. This vulnerability allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller. Immediate action is required to update to a patched version.
Critical Vulnerability in Jenkins External Workspace Manager Plugin Allows Remote Code Execution
A critical vulnerability, CVE-2026-57296, with a CVSS score of 8.8, was discovered in the Jenkins External Workspace Manager Plugin. This vulnerability allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, potentially leading to remote code execution. The plugin versions 1.3.2 and earlier are affected. Organizations using this plugin are urged to update to the latest version to mitigate this vulnerability.