CVE-2026-57300 PUBLISHED

Assigner: jenkins
Reserved: 24.06.2026 Published: 24.06.2026 Updated: 24.06.2026

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pipeline replay scripts of jobs they can access.

Product Status

Vendor	Jenkins Project
Product	Jenkins MCP Server Plugin
Versions	Default: affected Version 0.172.174.v9f72da_90a_710 is unaffected unaffected from 0.178.vffe5a_e770f3b_ to * (excl.)

References

Jenkins Security Advisory 2026-06-24