CVE-2026-33001 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: March 19, 2026
Jenkins - Path Traversal
Published: March 18, 2026Updated: March 19, 2026Remote Exploitable
Overview
Jenkins <= 2.554 and LTS <= 2.541.2 contains a path traversal caused by unsafe handling of symbolic links during extraction of .tar and .tar.gz archives, letting attackers with Item/Configure permission or control over agent processes write files arbitrarily on the filesystem.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Attackers with specific permissions can write files arbitrarily, potentially deploying malicious scripts or plugins on the Jenkins controller.
Mitigation
Update to a version later than 2.554 or LTS later than 2.541.2.
Related Resources
Details
- CVE ID
- CVE-2026-33001
- Severity
- High
- CVSS Score
- 8.8
- Type
- path_traversal
- Status
- unconfirmed
CWE
- CWE-59
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H