CVE-2026-42521

Published: Apr 29, 2026

Modified: Apr 29, 2026

PUBLISHED

Description

Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure permission to instantiate arbitrary types, which may lead to information disclosure or other impacts depending on the classes available on the classpath.

Vendor: Jenkins Project

Product: Jenkins Matrix Authorization Strategy Plugin

Versions: affected, 2.0-beta-1 - <= 3.2.9
