CVE-2026-10276EPSS p18.4%

CVE-2026-10276CVE-2026-10276

Description

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component get_build_status/get_build_log/trigger_build. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Scoring

CVSS 6.3 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS0.27% probability of exploitation · percentile 18.4% · 2026-06-18T12:00:27Z
Last modified2026-06-02

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-10280
CVE
CVE-2026-53436
CVE
CVE-2026-53435
CVE
CVE-2026-48926
CVE
CVE-2026-10274
CVE
Jenkins Command Line Interface (CLI) Path Traversal Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.