CVE-2026-48921

Vulnerability Description

Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem.

Vulnerability Details

Published Date

May 27, 2026

Last Modified

May 27, 2026

Source

NVD

Vendor

Jenkins Project

Product

Jenkins Pipeline: Groovy Libraries Plugin

External References

https://www.jenkins.io/security/advisory/2026-05-27/#SECURITY-3727

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment