CVE-2026-33003 PUBLISHED

Assigner: jenkins
Reserved: 17.03.2026 Published: 18.03.2026 Updated: 18.03.2026

Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Product Status

Vendor	Jenkins Project
Product	Jenkins LoadNinja Plugin
Versions	Default: unaffected affected from 0 to 2.1 (incl.)

References

Jenkins Security Advisory 2026-03-18