CVE-2026-57282
Analyzed Analyzed - Analysis Complete

Jenkins Git Client Plugin Command Injection via Workspace Directory

Vulnerability report for CVE-2026-57282, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-06-26

Assigner: Jenkins Project

Description

Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-06-26
Generated
2026-07-14
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
jenkins git_client to 6.6.1 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability in Jenkins Git client Plugin 6.6.0 and earlier allows attackers who can control the name of a build's working directory to execute arbitrary operating system commands on the agent. This could potentially lead to unauthorized access or manipulation of data processed by Jenkins.

Such unauthorized command execution risks compromising the confidentiality, integrity, and availability of data, which are core principles in compliance frameworks like GDPR and HIPAA.

Therefore, if exploited, this vulnerability could lead to non-compliance with these regulations due to potential data breaches or unauthorized data processing.

Executive Summary

This vulnerability exists in Jenkins Git client Plugin version 6.6.0 and earlier. It occurs because the plugin does not properly escape the workspace directory name when embedding it into a generated SSH wrapper script. This improper escaping allows an attacker who can control the name of a build's working directory to execute arbitrary operating system commands on the agent.

Impact Analysis

If exploited, this vulnerability allows an attacker to execute arbitrary operating system commands on the Jenkins agent. This could lead to unauthorized access, modification, or destruction of data, disruption of build processes, or further compromise of the system hosting the Jenkins agent.

Mitigation Strategies

To mitigate this vulnerability, you should update the Jenkins Git client Plugin to a version later than 6.6.0 where the issue with escaping the workspace directory name in the SSH wrapper script is fixed.

Additionally, ensure that build workspace directory names are controlled and sanitized to prevent attackers from injecting arbitrary commands.

Detection Guidance

This vulnerability involves the Jenkins Git client Plugin 6.6.0 and earlier, where the workspace directory name is not correctly escaped in a generated SSH wrapper script, allowing command execution if an attacker controls the working directory name.

To detect if your system is vulnerable, you should first verify the version of the Jenkins Git client Plugin installed on your Jenkins instance.

  • Check the installed plugin version via Jenkins UI or by running a command on the Jenkins server, for example:
  • curl -sSL http://your-jenkins-server/pluginManager/api/json?depth=1 | jq '.plugins[] | select(.shortName=="git-client") | {version}'

If the version is 6.6.0 or earlier, your system is vulnerable.

Additionally, you can inspect the workspace directory names used in your builds to see if any contain unusual or malicious characters that could be exploited.

Since the vulnerability involves SSH wrapper scripts generated during builds, monitoring build logs for suspicious command execution or unexpected behavior related to SSH operations may help detect exploitation attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57282. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart