CVE-2026-57301 | Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build op…

Description

Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller.

Metadata

CVE ID: CVE-2026-57301
State: PUBLISHED
Assigner: jenkins
Reserved: 2026-06-24 08:41 UTC
Published: 2026-06-24 13:20 UTC
Last updated: 2026-06-24 13:20 UTC
Vendor / Product: Jenkins Project / Jenkins OWASP ZAP Plugin
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (1)

Vendor	Product	Platform	Versions
Jenkins Project	Jenkins OWASP ZAP Plugin	—	0 ≤ 1.0.7

References (1)

Jenkins Security Advisory 2026-06-24 https://www.jenkins.io/security/advisory/2026-06-24/#SECURITY-3649