CVE-2026-33001
ADVISORY - githubSummary
Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar and .tar.gz archives, allowing crafted archives to write files to arbitrary locations on the filesystem, restricted only by file system access permissions of the user running Jenkins. This can be exploited to deploy malicious scripts or plugins on the controller by attackers with Item/Configure permission, or able to control agent processes.
EPSS Score: 0.00005 (0.002)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Link Resolution Before File Access ('Link Following')
ADVISORY - github
ADVISORY - redhat
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-33001
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
8.8highGitHub
CVSS SCORE
8.8highAlpine
CREATED
UPDATED
ADVISORY IDCVE-2026-33001
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Bitnami
CREATED
UPDATED
ADVISORY ID
BIT-jenkins-2026-33001
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
8.8highRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2026-33001
EXPLOITABILITY SCORE
2.0
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
8.8highminimos
CREATED
UPDATED
ADVISORY ID
MINI-2cc2-qwm4-28mj
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-9fxm-jf7m-f835
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-ggfv-34mc-4hfw
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-gxww-9vmx-w34q
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-r8xf-35p5-g845
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-