CVE-2026-42524

HIGH 8.0

CVSS Score

8.0

EPSS Score

0.0%

EPSS Percentile

0th

Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Vendor	jenkins project
Product	jenkins html publisher plugin
Published	Apr 29, 2026
Last Updated	Apr 29, 2026

Stay Ahead of the Next One

Get instant alerts for jenkins project jenkins html publisher plugin

Be the first to know when new high vulnerabilities affecting jenkins project jenkins html publisher plugin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Jenkins Project / Jenkins HTML Publisher Plugin

0 ≤ 427

References

NVD ↗ CVE.org ↗ EPSS Data ↗

jenkins.io: https://www.jenkins.io/security/advisory/2026-04-29/#SECURITY-3706