CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Jenkins: >> Email Extension >> 2.97 Security Vulnerabilities

CVE-2026-48920

Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs that can be inlined, allowing attackers able to control the email content to specify `file:` URLs for images to read arbitrary files from the Jenkins controller filesystem.

CVSS Score

8.8

EPSS Score

0.004

Published

2026-05-27

Page 1

Vulnerabilities

Vulnerable Software

Jenkins: >> Email Extension >> 2.97 Security Vulnerabilities

Products

Pricing

Contact Us