CVE-2026-57298

Received Received - Intake

CSRF in Jenkins Contrast Continuous Application Security Plugin

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: Jenkins Project

Description

A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL using an attacker-specified username, API key, and service key.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-06-24

Last Modified

2026-06-24

Generated

2026-06-24

AI Q&A

2026-06-24

EPSS Evaluated

N/A

NVD

CVE-2026-57298

EUVD

EUVD-2026-38779

Affected Vendors & Products

Vendor	Product	Version / Range
contrast_security	continuous_application_security_plugin	to 3.11 (inc)
contrast_security	continuous_application_security_plugin	to 3.12 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-352	The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Attack-Flow Graph

Impact Analysis

An attacker exploiting this vulnerability can make Jenkins connect to malicious URLs with attacker-controlled credentials.

This could lead to unauthorized actions being performed within Jenkins or on external systems, potentially compromising system integrity or leaking sensitive information.

Executive Summary

This vulnerability is a cross-site request forgery (CSRF) issue in the Jenkins Contrast Continuous Application Security Plugin version 3.11 and earlier.

It allows attackers to trick Jenkins into connecting to a URL specified by the attacker, using credentials such as an attacker-specified username, API key, and service key.

Hi! I’m here to help you understand CVE-2026-57298. Ask me anything about the vulnerability, its impact, or mitigation strategies.

0/70

CVE-2026-57298

CSRF in Jenkins Contrast Continuous Application Security Plugin

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Quick Actions

Chat Assistant

EPSS Chart