Critical severity (CVSS 9.0, NVD) · Advisory · Published Apr 29, 2026 · Updated May 5, 2026
CVE-2026-42523
Description
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Read permission.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package (ecosystem) | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:git (Maven) | < 1.46.0.1 | 1.46.0.1 |
References
- github.com/advisories/GHSA-w22p-4x9f-486v (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-42523 (NVD entry)
- www.jenkins.io/security/advisory/2026-04-29/ (Jenkins vendor advisory)
News mentions
- "⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More", The Hacker News, May 4, 2026
- "Jenkins Security Advisory 2026-04-29", Jenkins Security Advisories, Apr 29, 2026