CVE-2026-48922

HIGH 7.5

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node.

Vendor	jenkins project
Product	jenkins credentials binding plugin
Published	May 27, 2026
Last Updated	May 27, 2026

Stay Ahead of the Next One

Get instant alerts for jenkins project jenkins credentials binding plugin

Be the first to know when new high vulnerabilities affecting jenkins project jenkins credentials binding plugin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Jenkins Project / Jenkins Credentials Binding Plugin

0 ≤ 720.v3f6decef43ea_

References

NVD ↗ CVE.org ↗ EPSS Data ↗

jenkins.io: https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3790