cvedb.io
CVE-2026-57281
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-06-24T14:17:34.023 · Last modified 2026-06-24T15:16:43.273

Summary

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not reject Groovy AST transformation annotations carrying an extensions member, allowing attackers able to run sandboxed Groovy scripts to execute code outside the sandbox if a suitable script is present on the classpath of the component that evaluates the script.

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.