Vulnerability Details CVE-2026-57282
Jenkins Git client Plugin 6.6.0 and earlier does not correctly escape the workspace directory name when it is embedded into a generated SSH wrapper script, allowing attackers able to control the name of a build's working directory to execute arbitrary operating system commands on the agent.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 8.0%
CVSS Severity
CVSS v3 Score 5.0