VYPR
Medium severity4.3NVD Advisory· Published May 27, 2026· Updated Jun 2, 2026

CVE-2026-48926

CVE-2026-48926

Description

Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • <=143.v044a_2e819b_27+ 3 more
    • (no CPE)range: <=143.v044a_2e819b_27
    • cpe:2.3:a:jenkins:job_import:143.v044a_2e819b_27:*:*:*:*:jenkins:*:*
    • cpe:2.3:a:jenkins:job_import:*:*:*:*:*:jenkins:*:*range: <=122.v35289550f1e6
    • (no CPE)range: <=143.v044a_2e819b_27

Patches

Vulnerability mechanics

References

1

News mentions

2
CVE-2026-48926 · Medium · VYPR