VYPR
Medium severity6.5NVD Advisory· Published Apr 29, 2026· Updated May 6, 2026

CVE-2026-42521

CVE-2026-42521

Description

Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure permission to instantiate arbitrary types, which may lead to information disclosure or other impacts depending on the classes available on the classpath.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.plugins:matrix-authMaven
>= 2.0-beta-1, < 3.2.103.2.10

Affected products

14

Patches

Vulnerability mechanics

References

3

News mentions

1