📦

credentials_binding

Name: credentials_binding
Author: WatchStack

Vendor: jenkins

Login to add this product to WatchStack

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 1 Remote Access

Total CVEs 9 Total Indexed

Avg. EPSS 0.64% Exploit Prob.

Latest CVE CVE-2026-48922 May 27

Security Vulnerability Index

Page 1 / 1

7.5 CVSS

CVE-2026-48922

RCE

Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node.

EPSS: 1.77%

Severity: HIGH

May 27, 2026

0.0 CVSS

CVE-2026-42520

EPSS: 0.00%

Severity:

Jan 01, 0001

Displaying 2 of 9 Total Entries

1

Total 1 Sections