{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33002", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2026-03-17T15:04:07.616Z", "datePublished": "2026-03-18T15:15:25.002Z", "dateUpdated": "2026-03-19T14:45:46.878Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2026-03-18T15:15:25.002Z"}, "affected": [{"vendor": "Jenkins Project", "product": "Jenkins", "versions": [{"version": "0", "versionType": "maven", "lessThan": "2.426.3", "status": "unaffected"}, {"version": "2.427", "versionType": "maven", "lessThan": "2.442", "status": "unaffected"}, {"version": "2.555", "versionType": "maven", "lessThan": "*", "status": "unaffected"}, {"version": "2.541.3", "versionType": "maven", "lessThan": "2.541.*", "status": "unaffected"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable to DNS rebinding attacks that allow bypassing origin validation."}], "references": [{"name": "Jenkins Security Advisory 2026-03-18", "url": "https://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3674", "tags": ["vendor-advisory"]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-350", "lang": "en", "description": "CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T14:43:30.815362Z", "id": "CVE-2026-33002", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T14:45:46.878Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-33002", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-19T14:43:30.815362Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-350", "description": "CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T14:45:24.513Z"}}], "cna": {"affected": [{"vendor": "Jenkins Project", "product": "Jenkins", "versions": [{"status": "unaffected", "version": "0", "lessThan": "2.426.3", "versionType": "maven"}, {"status": "unaffected", "version": "2.427", "lessThan": "2.442", "versionType": "maven"}, {"status": "unaffected", "version": "2.555", "lessThan": "*", "versionType": "maven"}, {"status": "unaffected", "version": "2.541.3", "lessThan": "2.541.*", "versionType": "maven"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3674", "name": "Jenkins Security Advisory 2026-03-18", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable to DNS rebinding attacks that allow bypassing origin validation."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2026-03-18T15:15:25.002Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33002", "state": "PUBLISHED", "dateUpdated": "2026-03-19T14:45:46.878Z", "dateReserved": "2026-03-17T15:04:07.616Z", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "datePublished": "2026-03-18T15:15:25.002Z", "assignerShortName": "jenkins"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "matchCriteriaId": "B3638046-C2A7-4BEF-95E1-6E5C493DAA39", "versionEndExcluding": "2.541.3", "versionStartIncluding": "2.426.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "matchCriteriaId": "7C72BD61-34BC-4609-9019-4C342792D538", "versionEndExcluding": "2.555", "versionStartIncluding": "2.442", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable to DNS rebinding attacks that allow bypassing origin validation."}], "id": "CVE-2026-33002", "lastModified": "2026-03-21T00:18:44.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-18T16:16:28.187", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3674"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-350"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "jenkins: Jenkins: Origin validation bypass via DNS rebinding in CLI WebSocket endpoint", "id": "2448643", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448643"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "status": "draft"}, "cwe": "CWE-346", "details": ["A flaw was found in Jenkins. A remote attacker could exploit a vulnerability in the origin validation of requests made through the Command Line Interface (CLI) WebSocket endpoint. By manipulating the Host or X-Forwarded-Host HTTP headers, an attacker can perform Domain Name System (DNS) rebinding attacks. This allows bypassing the origin validation, potentially leading to unauthorized actions within the Jenkins environment."], "name": "CVE-2026-33002", "package_state": [{"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Out of support scope", "package_name": "jenkins", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}], "public_date": "2026-03-18T15:15:25Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-33002\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-33002\nhttps://www.jenkins.io/security/advisory/2026-03-18/#SECURITY-3674"], "statement": "This vulnerability is rated as Moderate by Red Hat, as the possible impacts of successful exploitation are tied to the permissions assigned to the anonymous user.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,2.426.3)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[2.427,2.442)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[2.555,*)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[2.541.3,2.542.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Jenkins", "source": "cna", "vendor": "Jenkins Project"}, "product": "jenkins", "vendor": "jenkins_project"}], "analysis": {"en": {"generated_at": "2026-03-21T07:08:49.333016+00:00", "value": {"mitigation_remediation": ["Upgrade to Jenkins 2.555 or LTS 2.542 or newer, which contain the upstream fix for the origin validation bypass.", "Verify that the Jenkins instance restarts without configuration errors after the upgrade.", "If the CLI WebSocket endpoint is unused, consider disabling it entirely for added defense in depth.", "If a reverse proxy is employed, ensure that only trusted origins are allowed and that X\u2011Forwarded\u2011Host headers cannot be forged."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution via CLI"}, "threat_synthesis": {"affected_systems": "Jenkins Project releases from 2.442 through 2.554 and LTS releases from 2.426.3 through 2.541.2 are vulnerable. All installers and Docker images built from these version ranges are affected. The vulnerability does not impact earlier or newer releases outside these ranges.", "description_and_impact": "A flaw in Jenkins\u2019 CLI WebSocket endpoint allows an attacker to bypass origin validation using DNS rebinding. The server trusts the Host or X\u2011Forwarded\u2011Host headers to compute an expected origin, but the calculation can be subverted by an attacker who controls the domain name used in the WebSocket request. Successful exploitation permits an attacker to run arbitrary commands on the Jenkins controller, exposing the system to complete takeover.", "risk_and_exploitability": "The CVSS score of 7.5 indicates high severity, while an EPSS score of less than 1% suggests that widespread exploitation is currently uncommon. As the flaw relies on a standard DNS rebinding technique, an attacker only needs control of a domain to target a Jenkins instance that accepts CLI WebSocket requests. The vulnerability remains unlisted in the CISA KEV catalog, but the potential for remote code execution warrants immediate attention."}}}}, "created": "2026-03-19T08:56:35.260687+00:00", "updated": "2026-03-24T10:58:42.423725+00:00", "vendors": ["jenkins_project", "jenkins_project$PRODUCT$jenkins"]}