CVE-2026-57282

CVSS Score & Metrics

Base Score

5.0 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L                                    

Vulnerability Description

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent.

Vulnerability Details

Published Date

June 24, 2026

Last Modified

June 24, 2026

CWE ID

CWE-78

Source

NVD

Vendor

Jenkins Project

Product

Jenkins Git client Plugin

External References

https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3723

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment