CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Jenkins Security Advisory 2026-04-29

unknownCVE-2026-42519CVE-2026-42520CVE-2026-42521CVE-2026-42522CVE-2026-42523CVE-2026-42524
Affects plugin: Credentials Binding Affects plugin: GitHub Affects plugin: GitHub Branch Source Affects plugin: HTML Publisher Affects plugin: Matrix Authorization Strategy Affects plugin: Microsoft Entra ID (previously Azure AD) Affects plugin: Script Security

CSIRTS triage

What
Multiple plugins in Jenkins are affected by various vulnerabilities.
Who is affected
Users of the affected Jenkins plugins.
Urgency
Remediation is necessary to maintain security, but the severity is currently unknown.
Action
Monitor for updates related to the affected plugins.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Jenkins

Get an email when a new Jenkins advisory drops — max one per day, one-click unsubscribe.

Details

Source
Jenkins Security Advisories (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-04-29
Exploitation
Not in CISA KEV at last sync

Original advisory: https://www.jenkins.io/security/advisory/2026-04-29/

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-42519coverage & exploitation statusNVD · CVE.org
CVE-2026-42520coverage & exploitation statusNVD · CVE.org
CVE-2026-42521coverage & exploitation statusNVD · CVE.org
CVE-2026-42522coverage & exploitation statusNVD · CVE.org
CVE-2026-42523coverage & exploitation statusNVD · CVE.org
CVE-2026-42524coverage & exploitation statusNVD · CVE.org
CVE-2026-42525coverage & exploitation statusNVD · CVE.org

More from Jenkins Security Advisories