CVE-2026-33002

🗓️ 18 Mar 2026 15:15:25Reported by jenkinsType

DNS rebinding in Jenkins WebSocket origin check via Host headers in affected versions.

Reporter	Title	Published	Views	Family All 27
FreeBSD	jenkins -- multiple vulnerabilities	18 Mar 202600:00	–	freebsd
ATTACKERKB	CVE-2026-33002	18 Mar 202615:15	–	attackerkb
AlpineLinux	CVE-2026-33002	18 Mar 202615:15	–	alpinelinux
Chainguard	CVE-2026-33002 vulnerabilities	11 Apr 202614:18	–	cgr
Circl	CVE-2026-33002	21 Mar 202618:44	–	circl
CNNVD	Jenkins 安全漏洞	18 Mar 202600:00	–	cnnvd
CVE	CVE-2026-33002	18 Mar 202615:15	–	cve
EUVD	EUVD-2026-12845	18 Mar 202618:31	–	euvd
Tenable Nessus	FreeBSD : jenkins -- multiple vulnerabilities (970fd0ec-26f5-11f1-a9b1-0cc47ada5f32)	28 Mar 202600:00	–	nessus
Tenable Nessus	Jenkins LTS < 2.541.3 / Jenkins weekly < 2.555 Multiple Vulnerabilities	18 Mar 202600:00	–	nessus

[
  {
    "vendor": "Jenkins Project",
    "product": "Jenkins",
    "versions": [
      {
        "version": "0",
        "versionType": "maven",
        "lessThan": "2.426.3",
        "status": "unaffected"
      },
      {
        "version": "2.427",
        "versionType": "maven",
        "lessThan": "2.442",
        "status": "unaffected"
      },
      {
        "version": "2.555",
        "versionType": "maven",
        "lessThan": "*",
        "status": "unaffected"
      },
      {
        "version": "2.541.3",
        "versionType": "maven",
        "lessThan": "2.541.*",
        "status": "unaffected"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
jenkins	www.jenkins.io/security/advisory/2026-03-18/

18 Mar 2026 15:15Current

EPSS0.00074