CVE-2026-10276
Description
Jenkins-server-mcp 0.1.0 is vulnerable to SSRF via the jobPath parameter, allowing attackers to make requests to internal or attacker-controlled hosts.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A server-side request forgery (SSRF) vulnerability exists in Jenkins-server-mcp version 0.1.0. The jobPath parameter in the get_build_status, get_build_log, and trigger_build functions within src/index.ts can be manipulated to prepend a /. This allows the constructed Axios request URL, such as /${args.jobPath}/${buildNumber}/api/json, to become protocol-relative, targeting internal or attacker-controlled hosts instead of the configured Jenkins URL [1].
Exploitation
An attacker can exploit this vulnerability by invoking Jenkins-server-mcp tools like get_build_status, get_build_log, or trigger_build. The attacker needs network egress to their chosen target, which can be an internal host or an external server. By providing a jobPath that starts with a /, the server will make a request to the attacker-controlled endpoint. The project was informed early, but no response has been received [1].
Impact
Successful exploitation of this SSRF vulnerability allows an attacker to cause the Jenkins-server-mcp to make arbitrary network requests on behalf of the server. This can lead to the disclosure of sensitive information from internal network resources or facilitate further attacks against internal systems. The scope of the compromise is limited to the network access and privileges of the Jenkins-server-mcp process itself [1].
Mitigation
As of the report date, a fixed version for Jenkins-server-mcp 0.1.0 is not available. The project was notified of the vulnerability but has not yet responded. No workarounds or patches have been disclosed in the available references [1].
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =0.1.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The jobPath argument is concatenated into Axios request URLs without proper sanitization, allowing protocol-relative paths."
Attack vector
An attacker can invoke Jenkins-server-mcp tools such as get_build_status, get_build_log, or trigger_build. The server must have network egress to attacker-chosen or internal targets. No upstream validation strips leading slashes or rejects absolute/protocol-relative paths. The attacker can provide a jobPath that begins with a slash, leading to a protocol-relative URL that targets an attacker-controlled or internal host instead of the configured JENKINS_URL [1].
Affected code
The vulnerability lies in the handling of the jobPath argument within src/index.ts: the argument is concatenated directly into Axios request URLs, for example ``this.axiosInstance.get(`/${args.jobPath}/${buildNumber}/api/json`)`` and the related POST calls [1].
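The following is an added example, not code from Jenkins-server-mcp, that shows the mechanics of the concatenation above: a jobPath beginning with "/" turns the request path into a protocol-relative URL, so URL resolution replaces the configured host. It resolves the path with Node's WHATWG URL parser to make the effect visible (the advisory attributes the same outcome to the project's Axios instance), and pairs it with a hardened builder that treats jobPath as Jenkins path components. The base URL, the allow-list regex and the job-path format ("/"-separated components such as "job/folder/job/pipeline") are assumptions made here.

```javascript
// Added example, not Jenkins-server-mcp code. Assumptions: JENKINS_URL below is a
// constructed sample, and a job path is a "/"-separated list of Jenkins components.
const JENKINS_URL = 'http://jenkins.internal:8080'; // constructed sample base URL

// Vulnerable pattern: mirrors `/${args.jobPath}/${buildNumber}/api/json`.
// With jobPath = "/127.0.0.1:7777/x" the path becomes "//127.0.0.1:7777/x/...",
// which URL resolution treats as protocol-relative, so the base host is replaced.
function naiveBuildUrl(base, jobPath, buildNumber) {
  const requestPath = `/${jobPath}/${buildNumber}/api/json`;
  return new URL(requestPath, base);
}

const JOB_SEGMENT = /^[A-Za-z0-9 ._-]+$/;                                   // allow-list per component (assumed)
const BUILD_REF = /^(\d+|last(Successful|Stable|Failed|Completed)?Build)$/; // build number or Jenkins permalink

// Reject anything that is not a plain relative job path: a scheme, a leading "/"
// or "\", empty segments (which is what "//" produces), dot segments, odd characters.
function validateJobPath(jobPath) {
  if (typeof jobPath !== 'string' || jobPath.length === 0) throw new Error('jobPath required');
  if (/^[A-Za-z][A-Za-z0-9+.-]*:/.test(jobPath)) throw new Error('scheme not allowed');
  if (jobPath.startsWith('/') || jobPath.startsWith('\\')) throw new Error('absolute path not allowed');
  const segments = jobPath.split('/');
  for (const s of segments) {
    if (s === '') throw new Error('empty path segment');
    if (s === '.' || s === '..') throw new Error('dot segment not allowed');
    if (!JOB_SEGMENT.test(s)) throw new Error(`disallowed characters in segment "${s}"`);
  }
  return segments;
}

function validateBuildNumber(buildNumber) {
  if (typeof buildNumber !== 'string' || !BUILD_REF.test(buildNumber)) throw new Error('bad build reference');
  return buildNumber;
}

// Hardened builder: validated components are percent-encoded and appended to the
// base URL's own path, so the origin (scheme, host, port) cannot change.
function safeBuildUrl(base, jobPath, buildNumber) {
  const baseUrl = new URL(base);
  const segments = validateJobPath(jobPath).map(encodeURIComponent);
  const build = validateBuildNumber(buildNumber);
  const url = new URL(baseUrl.href);
  const prefix = baseUrl.pathname.replace(/\/+$/, ''); // keeps a context path such as "/jenkins"
  url.pathname = `${prefix}/${segments.join('/')}/${build}/api/json`;
  url.search = '';
  url.hash = '';
  if (url.origin !== baseUrl.origin) throw new Error('origin changed'); // cheap invariant check
  return url.href;
}

// Boolean wrapper: would the hardened builder accept this tool-call input?
function isAcceptedJobRequest(jobPath, buildNumber) {
  try {
    safeBuildUrl(JENKINS_URL, jobPath, buildNumber);
    return true;
  } catch (err) {
    return false;
  }
}

// Demo: the advisory's reproduction payload versus a legitimate job path.
console.log(naiveBuildUrl(JENKINS_URL, '/127.0.0.1:7777/jenkins-ssrf', 'lastBuild').href);
console.log(safeBuildUrl(JENKINS_URL, 'job/demo', 'lastBuild'));
console.log(isAcceptedJobRequest('/127.0.0.1:7777/jenkins-ssrf', 'lastBuild'));
```

The first line printed lands on 127.0.0.1:7777 rather than on jenkins.internal, which is the whole bug; the hardened builder refuses that input and, for accepted input, can only ever produce URLs under the configured origin.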
What the fix does
The advisory does not specify a patch or fixed version. It recommends rejecting jobPath values beginning with /, \, a scheme, or //, and normalizing job paths as Jenkins path components rather than URLs. Additionally, it suggests blocking loopback, link-local, RFC 1918, and cloud metadata destinations after redirects and DNS resolution [1].
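As an added example of the second recommendation (not the project's code), the block below is an egress filter that classifies every address a destination resolves to and denies loopback, link-local, RFC 1918, shared-address-space and the 169.254.169.254 metadata range, plus the corresponding IPv6 ranges and IPv4-mapped forms. Address resolution is deliberately separated from policy so the policy runs offline; the `SAMPLE_DNS` table stands in for `dns.promises.lookup(host, { all: true })` and is constructed data, as is the pinned host name.

```javascript
// Added example, not Jenkins-server-mcp code. SAMPLE_DNS and the pinned
// "jenkins.internal" host name are constructed for the demonstration.

// Dotted-quad IPv4 -> unsigned integer, or null if not a valid IPv4 literal.
function ipv4ToInt(addr) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(addr);
  if (!m) return null;
  let n = 0;
  for (let i = 1; i <= 4; i++) {
    const octet = Number(m[i]);
    if (octet > 255) return null;
    n = n * 256 + octet; // plain arithmetic avoids signed 32-bit shift surprises
  }
  return n;
}

// True when integer address n lies inside the IPv4 block "a.b.c.d/bits".
function inCidr(n, cidr) {
  const [net, bits] = cidr.split('/');
  const hostBits = 2 ** (32 - Number(bits));
  return Math.floor(n / hostBits) === Math.floor(ipv4ToInt(net) / hostBits);
}

const BLOCKED_IPV4 = [
  '0.0.0.0/8',      // "this" network
  '10.0.0.0/8',     // RFC 1918
  '172.16.0.0/12',  // RFC 1918
  '192.168.0.0/16', // RFC 1918
  '100.64.0.0/10',  // RFC 6598 shared address space
  '127.0.0.0/8',    // loopback
  '169.254.0.0/16', // link-local, includes the 169.254.169.254 metadata endpoint
  '224.0.0.0/4',    // multicast
  '240.0.0.0/4',    // reserved and limited broadcast
];

// Classify one resolved address (IPv4 or IPv6 literal as dns.lookup returns it).
// Fails closed: anything that is not an IP literal is treated as blocked.
function isBlockedDestination(addr) {
  const a = String(addr).toLowerCase();
  let v4 = ipv4ToInt(a);
  if (v4 === null && a.startsWith('::ffff:')) {
    // IPv4-mapped IPv6, either "::ffff:1.2.3.4" or the hex form "::ffff:0102:0304"
    const rest = a.slice(7);
    v4 = ipv4ToInt(rest);
    if (v4 === null && /^[0-9a-f]{1,4}:[0-9a-f]{1,4}$/.test(rest)) {
      const [hi, lo] = rest.split(':').map((h) => parseInt(h, 16));
      v4 = hi * 65536 + lo;
    }
  }
  if (v4 !== null) return BLOCKED_IPV4.some((cidr) => inCidr(v4, cidr));
  if (!a.includes(':')) return true;              // not an IP literal: refuse
  if (a === '::1' || a === '::') return true;     // loopback, unspecified
  if (/^fe[89ab][0-9a-f]:/.test(a)) return true;  // fe80::/10 link-local
  if (/^f[cd][0-9a-f]{2}:/.test(a)) return true;  // fc00::/7 unique-local
  return false;
}

// Apply the policy to every address a host name resolved to. Checking all answers
// defeats a record set that mixes one public and one internal address. The
// operator's own Jenkins host is pinned by name and allowed regardless.
function evaluateDestination(hostname, addresses, pinnedJenkinsHost) {
  if (hostname === pinnedJenkinsHost) return { allowed: true, reason: 'pinned Jenkins host' };
  if (!addresses || addresses.length === 0) return { allowed: false, reason: 'no addresses' };
  const hit = addresses.find(isBlockedDestination);
  if (hit) return { allowed: false, reason: `blocked address ${hit}` };
  return { allowed: true, reason: 'all addresses public' };
}

// Constructed sample answers standing in for `await dns.promises.lookup(host, { all: true })`.
const SAMPLE_DNS = {
  'jenkins.internal': ['10.20.30.40'],             // private, but it is the pinned Jenkins host
  'metadata.example': ['169.254.169.254'],         // cloud metadata endpoint
  'rebind.example': ['93.184.216.34', '127.0.0.1'], // mixed public/loopback record set
  'public.example': ['93.184.216.34'],
};

function checkSample(hostname) {
  return evaluateDestination(hostname, SAMPLE_DNS[hostname] || [], 'jenkins.internal');
}

for (const host of Object.keys(SAMPLE_DNS)) {
  const verdict = checkSample(host);
  console.log(`${host}: ${verdict.allowed ? 'allow' : 'deny'} (${verdict.reason})`);
}
```

Two caveats for using this in an Axios client: run the check on every hop or disable following entirely with `maxRedirects: 0`, since a 302 from a public host to an internal address otherwise bypasses it; and, because resolving and then connecting is a check-then-use gap, hand the already-checked address to the connection (Node's `http.request` and `http.Agent` accept a custom `lookup` option for this) rather than letting the socket resolve the name a second time.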
Preconditions
- input: Attacker can invoke Jenkins-server-mcp tools such as get_build_status, get_build_log, or trigger_build.
- network: The server has network egress to attacker-chosen or internal targets.
- input: No upstream validation strips leading slashes or rejects absolute/protocol-relative paths.
Reproduction
Start a local listener on 127.0.0.1:7777. Invoke get_build_status through mcp-inspector or a raw JSON-RPC client with the following payload: `{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"get_build_status","arguments":{"jobPath":"/127.0.0.1:7777/jenkins-ssrf","buildNumber":"lastBuild"}}}`. Confirm that the listener receives an outbound request [1].
Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.