CVE-2026-57301

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 24, 2026

Vendor unknown

Description

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.

References

https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3649