Vulnerability Details CVE-2026-33002
Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected origin for comparison using the Host or X-Forwarded-Host HTTP request headers, making it vulnerable to DNS rebinding attacks that allow bypassing origin validation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.3%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-33002