CVE-2026-33004 PUBLISHED

Assigner: jenkins
Reserved: 17.03.2026 Published: 18.03.2026 Updated: 18.03.2026

Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Product Status

Vendor	Jenkins Project
Product	Jenkins LoadNinja Plugin
Versions	Default: unaffected affected from 0 to 2.1 (incl.)

References

Jenkins Security Advisory 2026-03-18