CVE-2026-48922
EUVD-2026-3251327.05.2026, 15:16
Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| jenkins | credentials_binding | 𝑥 < 725.ve52b_2328a_fde |
𝑥
= Vulnerable software versions
Common Weakness Enumeration