Medium severity4.3NVD Advisory· Published May 27, 2026· Updated Jun 2, 2026
CVE-2026-48926
CVE-2026-48926
Description
Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4<=143.v044a_2e819b_27+ 3 more
- (no CPE)range: <=143.v044a_2e819b_27
- cpe:2.3:a:jenkins:job_import:143.v044a_2e819b_27:*:*:*:*:jenkins:*:*
- cpe:2.3:a:jenkins:job_import:*:*:*:*:*:jenkins:*:*range: <=122.v35289550f1e6
- (no CPE)range: <=143.v044a_2e819b_27
Patches
Vulnerability mechanics
References
1- www.jenkins.io/security/advisory/2026-05-27/nvdVendor Advisory
News mentions
2- Jenkins Security Advisory: 13 CVEs Across 11 Plugins Disclosed May 2026Vypr Intelligence · May 27, 2026
- Jenkins Security Advisory 2026-05-27Jenkins Security Advisories · May 27, 2026