CVE-2026-48922

Source
https://cve.org/CVERecord?id=CVE-2026-48922
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-48922.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-48922
Aliases
Published
2026-05-27T15:16:31.847Z
Modified
2026-07-15T06:10:05.300329Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node.

References

Affected packages

Git / github.com/jenkinsci/credentials-binding-plugin

Affected ranges

Type
GIT
Repo
https://github.com/jenkinsci/credentials-binding-plugin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:jenkins:credentials_binding:*:*:*:*:*:jenkins:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "725.ve52b_2328a_fde"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

523.*
523.vd859a_4b_122e6
604.*
604.vb_64480b_c56ca_
621.*
621.v58c0fb_d285a_c
626.*
626.v8d9034b_8ea_cc
631.*
631.v861c06d062b_4
636.*
636.v55f1275c7b_27
642.*
642.v737c34dea_6c2
657.*
657.v2b_19db_7d6e6d
677.*
677.vdc9d38cb_254d
679.*
679.v6288482e873c
681.*
681.vf91669a_32e45
687.*
687.v619cb_15e923f
696.*
696.v256688029804
702.*
702.vfe613e537e88
717.*
717.v951d49b_5f3a_a_
719.*
719.v80e905ef14eb_
720.*
720.v3f6decef43ea_
credentials-binding-1.*
credentials-binding-1.0
credentials-binding-1.0-beta-1
credentials-binding-1.1
credentials-binding-1.10
credentials-binding-1.11
credentials-binding-1.12
credentials-binding-1.13
credentials-binding-1.14
credentials-binding-1.15
credentials-binding-1.16
credentials-binding-1.17
credentials-binding-1.18
credentials-binding-1.19
credentials-binding-1.2
credentials-binding-1.20
credentials-binding-1.21
credentials-binding-1.22
credentials-binding-1.23
credentials-binding-1.24
credentials-binding-1.25
credentials-binding-1.26
credentials-binding-1.27
credentials-binding-1.3
credentials-binding-1.4
credentials-binding-1.5
credentials-binding-1.6
credentials-binding-1.7
credentials-binding-1.8
credentials-binding-1.9

Database specific

vanir_signatures
[
    {
        "source": "https://github.com/jenkinsci/credentials-binding-plugin/commit/e52b2328afdebcb69852687392fde94b174eaec4",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "283660994997888405768199147020961668954",
                "15855581707764508958002099614103293276",
                "330732045090305727294702774515370538817",
                "93316226126330783940200223441381298433"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2026-48922-59e005d5",
        "target": {
            "file": "src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/FileBinding.java"
        }
    },
    {
        "source": "https://github.com/jenkinsci/credentials-binding-plugin/commit/e52b2328afdebcb69852687392fde94b174eaec4",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "54927892099451988298524109991504126850",
            "length": 277.0
        },
        "deprecated": false,
        "id": "CVE-2026-48922-5bb86107",
        "target": {
            "function": "write",
            "file": "src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/FileBinding.java"
        }
    },
    {
        "source": "https://github.com/jenkinsci/credentials-binding-plugin/commit/e52b2328afdebcb69852687392fde94b174eaec4",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "195038947790412657062521144976539978095",
            "length": 277.0
        },
        "deprecated": false,
        "id": "CVE-2026-48922-86de94cb",
        "target": {
            "function": "write",
            "file": "src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/ZipFileBinding.java"
        }
    },
    {
        "source": "https://github.com/jenkinsci/credentials-binding-plugin/commit/e52b2328afdebcb69852687392fde94b174eaec4",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "283660994997888405768199147020961668954",
                "15855581707764508958002099614103293276",
                "78316376180200344807500284930581927249",
                "155587145842520603649964638249945931511"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2026-48922-cccc5f9c",
        "target": {
            "file": "src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/ZipFileBinding.java"
        }
    },
    {
        "source": "https://github.com/jenkinsci/credentials-binding-plugin/commit/e52b2328afdebcb69852687392fde94b174eaec4",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "1767505516840155050236542239488810681",
                "266820379255261441490380393376870958390",
                "244299128633468332403507263872305189252",
                "220487582766312408480422522542664515624",
                "234296419679755238253450819801040691742",
                "267318703204051511977550572964312237579",
                "26693008279118337373701682075747344426",
                "155292940623917241115018024171098530642",
                "266953341949812537367165591733567384505",
                "131811147344513303390766550340312156807",
                "272319848610685935508124550793282959999"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2026-48922-ddcc3145",
        "target": {
            "file": "src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/Security3672Test.java"
        }
    }
]
vanir_signatures_modified
"2026-07-15T06:10:05Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-48922.json"