Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node.
{
"cpe": "cpe:2.3:a:jenkins:credentials_binding:*:*:*:*:*:jenkins:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "725.ve52b_2328a_fde"
}
],
"source": "CPE_RANGE"
}[
{
"source": "https://github.com/jenkinsci/credentials-binding-plugin/commit/e52b2328afdebcb69852687392fde94b174eaec4",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"283660994997888405768199147020961668954",
"15855581707764508958002099614103293276",
"330732045090305727294702774515370538817",
"93316226126330783940200223441381298433"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-48922-59e005d5",
"target": {
"file": "src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/FileBinding.java"
}
},
{
"source": "https://github.com/jenkinsci/credentials-binding-plugin/commit/e52b2328afdebcb69852687392fde94b174eaec4",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "54927892099451988298524109991504126850",
"length": 277.0
},
"deprecated": false,
"id": "CVE-2026-48922-5bb86107",
"target": {
"function": "write",
"file": "src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/FileBinding.java"
}
},
{
"source": "https://github.com/jenkinsci/credentials-binding-plugin/commit/e52b2328afdebcb69852687392fde94b174eaec4",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "195038947790412657062521144976539978095",
"length": 277.0
},
"deprecated": false,
"id": "CVE-2026-48922-86de94cb",
"target": {
"function": "write",
"file": "src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/ZipFileBinding.java"
}
},
{
"source": "https://github.com/jenkinsci/credentials-binding-plugin/commit/e52b2328afdebcb69852687392fde94b174eaec4",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"283660994997888405768199147020961668954",
"15855581707764508958002099614103293276",
"78316376180200344807500284930581927249",
"155587145842520603649964638249945931511"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-48922-cccc5f9c",
"target": {
"file": "src/main/java/org/jenkinsci/plugins/credentialsbinding/impl/ZipFileBinding.java"
}
},
{
"source": "https://github.com/jenkinsci/credentials-binding-plugin/commit/e52b2328afdebcb69852687392fde94b174eaec4",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"1767505516840155050236542239488810681",
"266820379255261441490380393376870958390",
"244299128633468332403507263872305189252",
"220487582766312408480422522542664515624",
"234296419679755238253450819801040691742",
"267318703204051511977550572964312237579",
"26693008279118337373701682075747344426",
"155292940623917241115018024171098530642",
"266953341949812537367165591733567384505",
"131811147344513303390766550340312156807",
"272319848610685935508124550793282959999"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2026-48922-ddcc3145",
"target": {
"file": "src/test/java/org/jenkinsci/plugins/credentialsbinding/impl/Security3672Test.java"
}
}
]
"2026-07-15T06:10:05Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-48922.json"