CVE-2026-42523

CRITICAL 9.0

CVSS Score

9.0

EPSS Score

0.0%

EPSS Percentile

0th

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Read permission.

Vendor	jenkins project
Product	jenkins github plugin
Published	Apr 29, 2026
Last Updated	Apr 29, 2026

Stay Ahead of the Next One

Get instant alerts for jenkins project jenkins github plugin

Be the first to know when new critical vulnerabilities affecting jenkins project jenkins github plugin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Jenkins Project / Jenkins GitHub Plugin

0 ≤ 1.46.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

jenkins.io: https://www.jenkins.io/security/advisory/2026-04-29/#SECURITY-3704