CVE-2026-42522

Q: What is the severity of CVE-2026-42522?

CVE-2026-42522 is considered a critical vulnerability due to the potential to exploit GitHub App credentials.

Q: How do I fix CVE-2026-42522?

To fix CVE-2026-42522, update the Jenkins GitHub Branch Source Plugin to a version later than 1967.vdea_d580c1a_b_a_.

Q: Who is affected by CVE-2026-42522?

CVE-2026-42522 affects users of Jenkins GitHub Branch Source Plugin version 1967.vdea_d580c1a_b_a_ and earlier.

Q: What actions can attackers perform due to CVE-2026-42522?

Attackers can connect to a specified URL using unauthorized GitHub App credentials if they have Overall/Read permission.

Q: Is there a workaround for CVE-2026-42522?

There is no specific workaround for CVE-2026-42522 other than upgrading the affected plugin version.

Published Apr 29, 2026

Updated

A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials.

Affected Software

2 affected components

Jenkins GitHub Branch Source Plugin<=1967.vdea_d580c1a_b_a_

Jenkins Github Branch Source Jenkins<=1967.vdea_d580c1a_b_a

Event History

Apr 29, 2026

CVE Published

via MITRE·01:31 PM

Data Sourced

via MITRE·01:31 PM

Description

Data Sourced

via NVD·02:16 PM

DescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2026-42522?

CVE-2026-42522 is considered a critical vulnerability due to the potential to exploit GitHub App credentials.

How do I fix CVE-2026-42522?

To fix CVE-2026-42522, update the Jenkins GitHub Branch Source Plugin to a version later than 1967.vdea_d580c1a_b_a_.

Who is affected by CVE-2026-42522?

CVE-2026-42522 affects users of Jenkins GitHub Branch Source Plugin version 1967.vdea_d580c1a_b_a_ and earlier.

What actions can attackers perform due to CVE-2026-42522?

Attackers can connect to a specified URL using unauthorized GitHub App credentials if they have Overall/Read permission.

Is there a workaround for CVE-2026-42522?

There is no specific workaround for CVE-2026-42522 other than upgrading the affected plugin version.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.