CVE-2026-42519
Published Apr 29, 2026
·Updated
A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.
Affected Software
2 affected components
Jenkins Script Security Plugin<=1399.ve6a_66547f6e1
Jenkins Script Security Jenkins<=1399.ve6a_66547f6e1
Event History
Apr 29, 2026
CVE Published
via MITRE·01:31 PM
Data Sourced
via MITRE·01:31 PM
Description
Data Sourced
via NVD·02:16 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-42519?
CVE-2026-42519 is classified as a medium severity vulnerability.
2
How do I fix CVE-2026-42519?
To fix CVE-2026-42519, upgrade to Jenkins Script Security Plugin version 1400 or later.
3
What impact does CVE-2026-42519 have on Jenkins installations?
CVE-2026-42519 allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths.
4
Who is affected by CVE-2026-42519?
Any Jenkins installation using Script Security Plugin version 1399.ve6a_66547f6e1 or earlier is affected by CVE-2026-42519.
5
What should I do if I cannot upgrade to fix CVE-2026-42519?
If you cannot upgrade, consider restricting access to Overall/Read permissions to mitigate the impact of CVE-2026-42519.