Jenkins released security updates for multiple plugins, including Active Directory, LDAP, AppSpider, Bitbucket OAuth, Credentials Binding, Email Extension, GitHub Integration, Job Import, Multijob, and Pipeline: Groovy Libraries. The most severe issues affect the LDAP and Active Directory plugins, which could follow LDAP referrals to attacker-controlled RMI URLs and trigger deserialization on the Jenkins controller, creating a potential path to remote code execution under certain conditions.
The advisory also addressed a range of additional plugin vulnerabilities, including arbitrary file read, arbitrary file write that could enable code execution, phishing through an open redirect, CSRF-triggered actions, credential ID enumeration, and SSRF-like outbound connections. Jenkins separately disclosed a stored XSS flaw in the buildgraph-view plugin that remained unresolved at publication time, leaving users without an available fix for that issue.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
On 2026-05-27, Jenkins also disclosed a stored cross-site scripting vulnerability affecting the buildgraph-view plugin. No fix was available for this issue at the time of publication.
On 2026-05-27, Jenkins disclosed multiple security vulnerabilities affecting the Active Directory, AppSpider, Bitbucket OAuth, Credentials Binding, Email Extension, GitHub Integration, Job Import, LDAP, Multijob, and Pipeline: Groovy Libraries plugins, and released fixes for them. The most severe issues involved the LDAP and Active Directory plugins following LDAP referrals to attacker-controlled RMI URLs, which could lead to deserialization and possible remote code execution on the Jenkins controller under certain conditions.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
4 references tracked. Mallory keeps watching after this page renders.
securityonline.info
Open sourcecyber.gc.ca
Open sourcejenkins.io
Open sourceseclists.org
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.