CVE-2026-10276
hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery
CVSS Score
6.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_build. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
| CWE | CWE-918 |
| Vendor | hekmon8 |
| Product | jenkins-server-mcp |
| Published | Jun 1, 2026 |
| Last Updated | Jun 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for hekmon8 jenkins-server-mcp
Be the first to know when new medium vulnerabilities affecting hekmon8 jenkins-server-mcp are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
hekmon8 / Jenkins-server-mcp
0.1.0
References
vuldb.com: https://vuldb.com/vuln/367569 vuldb.com: https://vuldb.com/vuln/367569/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10276 vuldb.com: https://vuldb.com/submit/825412 github.com: https://github.com/hekmon8/Jenkins-server-mcp/issues/4 github.com: https://github.com/hekmon8/Jenkins-server-mcp/
Credits
๐ ccccccctfi (VulDB User) VulDB CNA Team