CVE-2026-42521
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42521
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure permission to instantiate arbitrary types, which may lead to information disclosure or other impacts depending on the classes available on the classpath.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Jenkins Matrix Authorization Strategy Plugin 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Jenkins Matrix Authorization Strategy Plugin是Jenkins开源的一个为持续集成平台提供基于矩阵的细粒度权限控制机制的插件。 Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1版本至3.2.9版本存在代码问题漏洞,该漏洞源于反序列化继承策略时调用配置中指定类的无参构造函数,未限制可实例化的类,可能导致具有Item/Configure权限的攻击者实例化任意类型,根据类路径上可用的类可能导致信息泄露或其他影
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Jenkins Project | Jenkins Matrix Authorization Strategy Plugin | 2.0-beta-1 ~ 3.2.9 | - |
II. Public POCs for CVE-2026-42521
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-42521
请登录查看更多情报信息。
Same Patch Batch · Jenkins Project · 2026-04-29 · 7 CVEs total
| CVE-2026-42525 | Jenkins Microsoft Entra ID Plugin 输入验证错误漏洞 | |
| CVE-2026-42524 | Jenkins HTML Publisher Plugin 跨站脚本漏洞 | |
| CVE-2026-42523 | Jenkins GitHub Plugin 跨站脚本漏洞 | |
| CVE-2026-42522 | Jenkins GitHub Branch Source Plugin 安全漏洞 | |
| CVE-2026-42520 | Jenkins Credentials Binding Plugin 路径遍历漏洞 | |
| CVE-2026-42519 | Jenkins Script Security Plugin 安全漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2026-42521
No comments yet