Question 1

What is CVE-2026-57303 — CVE-2026-57303?

Accepted Answer

Jenkins Assembla Plugin 1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers able to control the responses of the configured Assembla server to extract secrets from the Jenkins controller or perform server-side request forgery.

Question 2

What is the authoritative source for CVE-2026-57303?

Accepted Answer

CVE-2026-57303 (CVE-2026-57303) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVSS	7.1 ()
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Last modified	2026-06-24

CVE-2026-57303CVE-2026-57303

Description

Scoring