CVE-2026-33004: Infoleak
Published Mar 18, 2026
·Updated
Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Affected Software
2 affected components
Jenkins LoadNinja Plugin<=2.1
Jenkins Loadninja Jenkins<2.2
Event History
Mar 18, 2026
CVE Published
via MITRE·03:15 PM
Data Sourced
via MITRE·03:15 PM
Description
Data Sourced
via NVD·04:16 PM
DescriptionSeverityWeaknessAffected Software
Mar 31, 58197
Event
via FIRST·12:40 PM
Frequently Asked Questions
1
What is the severity of CVE-2026-33004?
The severity of CVE-2026-33004 is considered high due to the exposure of LoadNinja API keys.
2
How do I fix CVE-2026-33004?
To fix CVE-2026-33004, upgrade the Jenkins LoadNinja Plugin to version 2.2 or later.
3
What type of vulnerability is CVE-2026-33004?
CVE-2026-33004 is a security vulnerability that involves the exposure of sensitive API keys in configuration forms.
4
Which versions of the LoadNinja Plugin are affected by CVE-2026-33004?
Versions up to and including 2.1 of the Jenkins LoadNinja Plugin are affected by CVE-2026-33004.
5
Who is affected by CVE-2026-33004?
Users of Jenkins LoadNinja Plugin version 2.1 and earlier are affected by CVE-2026-33004.