Unrated severityNVD Advisory· Published Jun 24, 2026· Updated Jun 24, 2026

CVE-2026-57303

Description

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Jenkins Project/Assembla Auth Pluginllm-fuzzy
Range: <=1.4

Patches

Vulnerability mechanics

References

www.jenkins.io/security/advisory/2026-06-24/mitrevendor-advisory

News mentions

Jenkins Security Advisory 2026-06-24
Jenkins Security Advisories · Jun 24, 2026

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000