cvedb.io
CVE-2026-57280
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2026-06-24T14:17:33.910 · Last modified 2026-06-24T15:16:43.113

Summary

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.