Jenkins Multiple Vulnerabilities

Release Date: 20 Mar 2026

RISK: Medium Risk

TYPE: Servers - Internet App Servers

Multiple vulnerabilities were identified in Jenkins. An attacker could exploit some of these vulnerabilities to trigger spoofing, data manipulation, remote code execution, security restriction bypass and elevation of privilege on the targeted system.

---

Impact

• Spoofing
• Remote Code Execution
• Elevation of Privilege
• Data Manipulation
• Security Restriction Bypass

---

System / Technologies affected

• Jenkins weekly 2.554 and earlier versions
• Jenkins LTS 2.541.2 and earlier versions

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• https://www.jenkins.io/security/advisory/2026-03-18/

---

Vulnerability Identifier

• CVE-2026-33001
• CVE-2026-33002

---

Source

• Jenkins

---

Related Link

• https://www.jenkins.io/security/advisory/2026-03-18/