Cyber Posture

CVE-2026-48921

High
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: affectedAppOther: not affectedOth

Published: 27 May 2026

Published
27 May 2026
Modified
28 May 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0005 14.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-48921 is a high-severity Link Following (CWE-59) vulnerability in Jenkins Pipeline\. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 14.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005).
Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
Why these techniques?

Vulnerability enables arbitrary file read on controller via symlink following in shared libraries.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-59
OWASP Top 10 Web 2025
A01:2025

Affected Products

jenkins
pipeline\
_groovy_libraries

EU & UK References

References