CVE-2026-57296
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can lead to remote code execution.
| Vendor | jenkins project |
| Product | jenkins external workspace manager plugin |
| Published | Jun 24, 2026 |
| Last Updated | Jun 24, 2026 |
Stay Ahead of the Next One
Get instant alerts for jenkins project jenkins external workspace manager plugin
Be the first to know when new high vulnerabilities affecting jenkins project jenkins external workspace manager plugin are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Jenkins Project / Jenkins External Workspace Manager Plugin
0 โค 1.3.2