Unrated severityNVD Advisory· Published Jun 24, 2026· Updated Jun 24, 2026

CVE-2026-57296

Description

Jenkins External Workspace Manager Plugin 1.3.2 and earlier does not reject path traversal sequences in the custom workspace path provided to the exwsAllocate Pipeline step, allowing attackers with Item/Configure permission to read arbitrary files on the Jenkins controller file system, which can lead to remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Jenkins Project/External Workspace Manager Pluginllm-create
Range: <=1.3.2

Patches

Vulnerability mechanics

References

www.jenkins.io/security/advisory/2026-06-24/mitrevendor-advisory

News mentions

Jenkins Security Advisory 2026-06-24
Jenkins Security Advisories · Jun 24, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000